Description

WordPress root directory contains a file named readme.html. The readme.html file may reveal sensitive information and is not needed from a functional perspective.

Remediation

Delete the /readme.html file from the WordPress root directory.

References

OWASP Wordpress Security Implementation Guideline

Related Vulnerabilities

WordPress Plugin Simple Image Manipulator Arbitrary File Download (1.0)

WordPress 4.0.x Multiple Vulnerabilities (4.0 - 4.0.24)

WordPress Plugin Service Finder-Provider and Business Listing Local File Disclosure (3.0)

WordPress Plugin Yoast SEO Information Disclosure (3.2.4)

No Script Block Detected with the Hash Value Declared in Content Security Policy (CSP)

Severity

Info

Classification

CWE-200 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Configuration Information Disclosure Test Files