Added WordPress wp-links-opml.php - Version Disclosure

2026-01-31 15:53:33 +08:00 · 2026-01-30 00:19:26 +07:00
parent 5fe21b1cbf
commit c962cea33a
1 changed files with 50 additions and 0 deletions
--- a/http/exposures/files/wp-links-opml.yaml
+++ b/http/exposures/files/wp-links-opml.yaml
@@ -0,0 +1,50 @@
+id: wp-links-opml
+
+info:
+  name: WordPress wp-links-opml.php - Version Disclosure
+  author: princechaddha
+  severity: info
+  description: |
+    WordPress wp-links-opml.php file is publicly accessible and exposes the WordPress version in the generator tag.
+  reference:
+    - https://www.acunetix.com/vulnerabilities/web/wordpress-version-disclosed/
+    - https://wordpress.org/
+  classification:
+    cpe: cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*
+  metadata:
+    verified: true
+    max-request: 1
+    vendor: wordpress
+    product: wordpress
+    shodan-query:
+      - http.component:"wordpress"
+      - cpe:"cpe:2.3:a:wordpress:wordpress"
+  tags: exposure,wordpress,wp,version,files
+
+http:
+  - method: GET
+    path:
+      - "{{BaseURL}}/wp-links-opml.php"
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        part: body
+        words:
+          - "<generator>https://wordpress.org/?v="
+
+      - type: word
+        part: header
+        words:
+          - "text/xml"
+
+      - type: status
+        status:
+          - 200
+
+    extractors:
+      - type: regex
+        name: version
+        group: 1
+        regex:
+          - '<generator>https://wordpress\.org/\?v=([0-9.]+)</generator>'