Description

WPEngine is a provider of managed WordPress hosting. WPEngine creates a folder named _wpeprivate that contains the config.json file. This file contains highly sensitive information (such as WPEngine database credentials) and should not be publicly accessible. It was confirmed that it's possible to access this file without authorization.

Remediation

You should restrict access to the _wpeprivate directory by adjusting your web server configuration.

References

P1 Vulnerability in 60 seconds

WPEngine

Related Vulnerabilities

WordPress Plugin Unyson Information Disclosure (2.7.18)

MediaWiki multiple remote vulnerabilities

Nginx memory disclosure with specially crafted HTTP backend responses

WordPress Plugin WooCommerce Email Test Information Disclosure (1.5)

WordPress Plugin ACF to REST API Information Disclosure (3.2.0)

Severity

High

Classification

CWE-200 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

Tags

Information Disclosure