From 3f5351e08f815eea2c247379a3f0ebbdf70acbeb Mon Sep 17 00:00:00 2001
From: Roberto Nunes <46332131+Akokonunes@users.noreply.github.com>
Date: Fri, 30 Jan 2026 07:47:13 +0900
Subject: [PATCH] Fix false negative wp-links-opml.yaml
---
 http/exposures/files/wp-links-opml.yaml | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/http/exposures/files/wp-links-opml.yaml b/http/exposures/files/wp-links-opml.yaml
index 381674c904a..5aa9198a2be 100644
--- a/http/exposures/files/wp-links-opml.yaml
+++ b/http/exposures/files/wp-links-opml.yaml
@@ -5,7 +5,7 @@ info:
 author: princechaddha
 severity: info
 description: |
- WordPress wp-links-opml.php file is publicly accessible and exposes the WordPress version in the generator tag.
+ WordPress wp-links-opml.php file was publicly accessible and expossed the WordPress version in the generator tag.
 reference:
 - https://www.acunetix.com/vulnerabilities/web/wordpress-version-disclosed/
 - https://wordpress.org/
@@ -31,7 +31,9 @@ http:
 - type: word
 part: body
 words:
- - "https://wordpress.org/?v="
+ - "generator="
+ - "WordPress/"
+ condition: and

 - type: word
 part: header
@@ -47,4 +49,4 @@ http:
 name: version
 group: 1
 regex:
- - 'https://wordpress\.org/\?v=([0-9.]+)'
+ - '(?i)generator="?WordPress/([0-9.]+)"?'
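Review bot: The new description line in the `@@ -5,7 +5,7 @@` hunk introduces a misspelling (`expossed`) and moves the sentence into the past tense, which reads as if the exposure had already been remediated rather than being the condition the template detects. The description is normally carried into scan output, so I would keep the original wording: `WordPress wp-links-opml.php file is publicly accessible and exposes the WordPress version in the generator tag.` The edit is unrelated to the false-negative fix and could be dropped from this commit; the `info` block continues outside the hunk.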
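Review bot: In the `@@ -31,7 +31,9 @@` hunk the two body words are matched independently and case-sensitively, so the matcher and the extractor in the last hunk no longer agree on what counts as a hit. Any response that passes the header matcher and contains `generator=` and `WordPress/` anywhere in the body is reported, even if the strings are unrelated, while a differently cased generator string that the `(?i)` extractor would accept is still missed. Matching the same token the extractor reads keeps detection and the reported version consistent: replace the word list with a regex matcher, `- type: regex` / `part: body` / `regex: ['(?i)generator="?WordPress/[0-9.]+']`. If the word matcher is kept, `case-insensitive: true` at least removes the case mismatch. The matchers list starts and ends outside the hunk, so the header matcher's words are not visible here.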
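Review bot: In the `@@ -47,4 +49,4 @@` hunk the trailing `"?` on the new extractor regex is a no-op, because an optional character at the end can never change the match or capture group 1; `- '(?i)generator="?WordPress/([0-9.]+)'` behaves identically. The class `[0-9.]+` also stops at the first character that is not a digit or dot, so a pre-release build string (constructed example: `6.5-RC1`) would be reported as `6.5`. If that distinction matters when triaging the disclosed version, widen the capture, e.g. `([0-9][0-9A-Za-z.\-]*)`. The extractor block begins outside the hunk.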