From c962cea33ae5b51b1660c70d774860748daaa094 Mon Sep 17 00:00:00 2001
From: Prince Chaddha <prince@projectdiscovery.io>
Date: Fri, 30 Jan 2026 00:19:26 +0700
Subject: [PATCH 1/2] Added WordPress wp-links-opml.php - Version Disclosure

---
 http/exposures/files/wp-links-opml.yaml | 50 +++++++++++++++++++++++++
 1 file changed, 50 insertions(+)
 create mode 100644 http/exposures/files/wp-links-opml.yaml

diff --git a/http/exposures/files/wp-links-opml.yaml b/http/exposures/files/wp-links-opml.yaml
new file mode 100644
index 00000000000..381674c904a
--- /dev/null
+++ b/http/exposures/files/wp-links-opml.yaml
@@ -0,0 +1,50 @@
+id: wp-links-opml
+
+info:
+  name: WordPress wp-links-opml.php - Version Disclosure
+  author: princechaddha
+  severity: info
+  description: |
+    WordPress wp-links-opml.php file is publicly accessible and exposes the WordPress version in the generator tag.
+  reference:
+    - https://www.acunetix.com/vulnerabilities/web/wordpress-version-disclosed/
+    - https://wordpress.org/
+  classification:
+    cpe: cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*
+  metadata:
+    verified: true
+    max-request: 1
+    vendor: wordpress
+    product: wordpress
+    shodan-query:
+      - http.component:"wordpress"
+      - cpe:"cpe:2.3:a:wordpress:wordpress"
+  tags: exposure,wordpress,wp,version,files
+
+http:
+  - method: GET
+    path:
+      - "{{BaseURL}}/wp-links-opml.php"
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        part: body
+        words:
+          - "<generator>https://wordpress.org/?v="
+
+      - type: word
+        part: header
+        words:
+          - "text/xml"
+
+      - type: status
+        status:
+          - 200
+
+    extractors:
+      - type: regex
+        name: version
+        group: 1
+        regex:
+          - '<generator>https://wordpress\.org/\?v=([0-9.]+)</generator>'

From 3f5351e08f815eea2c247379a3f0ebbdf70acbeb Mon Sep 17 00:00:00 2001
From: Roberto Nunes <46332131+Akokonunes@users.noreply.github.com>
Date: Fri, 30 Jan 2026 07:47:13 +0900
Subject: [PATCH 2/2] Fix false negative wp-links-opml.yaml

---
 http/exposures/files/wp-links-opml.yaml | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/http/exposures/files/wp-links-opml.yaml b/http/exposures/files/wp-links-opml.yaml
index 381674c904a..5aa9198a2be 100644
--- a/http/exposures/files/wp-links-opml.yaml
+++ b/http/exposures/files/wp-links-opml.yaml
@@ -5,7 +5,7 @@ info:
   author: princechaddha
   severity: info
   description: |
-    WordPress wp-links-opml.php file is publicly accessible and exposes the WordPress version in the generator tag.
+    WordPress wp-links-opml.php file was publicly accessible and expossed the WordPress version in the generator tag.
   reference:
     - https://www.acunetix.com/vulnerabilities/web/wordpress-version-disclosed/
     - https://wordpress.org/
@@ -31,7 +31,9 @@ http:
       - type: word
         part: body
         words:
-          - "<generator>https://wordpress.org/?v="
+          - "generator="
+          - "WordPress/"
+        condition: and
 
       - type: word
         part: header
@@ -47,4 +49,4 @@ http:
         name: version
         group: 1
         regex:
-          - '<generator>https://wordpress\.org/\?v=([0-9.]+)</generator>'
+          - '(?i)generator="?WordPress/([0-9.]+)"?'