Description

WPEngine is a provider of managed WordPress hosting. WPEngine creates a folder named _wpeprivate that contains the config.json file. This file contains highly sensitive information (such as WPEngine database credentials) and should not be publicly accessible. It was confirmed that it's possible to access this file without authorization.

Remediation

You should restrict access to the _wpeprivate directory by adjusting your web server configuration.

References

P1 Vulnerability in 60 seconds

WPEngine

Related Vulnerabilities

[Possible] Sublime SFTP Config File Detected

Reachable SharePoint interface

Virtual host directory listing

TCExam Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2021-20114)

JBoss Server MBean

Severity

High

Classification

CWE-200 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

Tags

Information Disclosure