Description

A possible sensitive file has been found. This file is not directly linked from the website. This check looks for common sensitive resources like password files, configuration files, log files, include files, statistics data, database dumps. Each one of these files could help an attacker to learn more about his target.

Remediation

Restrict access to this file or remove it from the website.

References

Web Server Security and Database Server Security

Related Vulnerabilities

WordPress Plugin SSL Insecure Content Fixer Information Disclosure (2.0.0)

WordPress Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2021-29450)

WordPress Plugin Pike Firewall Information Disclosure (1.4)

WordPress 4.4.x Multiple Vulnerabilities (4.4 - 4.4.28)

WordPress Plugin Crayon Syntax Highlighter Local File Disclosure (2.6.10)

Severity

Low

Classification

CWE-200 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Information Disclosure Test Files