Description
HTTP TRACE method is enabled on this web server. In the presence of other cross-domain vulnerabilities in web browsers, sensitive header information could be read from any domains that support the HTTP TRACE method.
Remediation
Disable TRACE Method on the web server.
References
Related Vulnerabilities
WordPress Plugin MP3-jPlayer Local File Disclosure (2.3)
WordPress Plugin Unyson Information Disclosure (2.7.18)
WordPress Plugin Video Conferencing with Zoom Information Disclosure (3.8.16)
WordPress Plugin WebP Express Arbitrary File Disclosure (0.14.10)
WordPress Plugin Page and Post Clone Information Disclosure (1.1)