id: wp-yoast-user-enumeration

info:
  name: WordPress Yoast SEO Plugin -  User Enumeration
  author: FLX
  severity: info
  reference:
    - https://developer.yoast.com/features/xml-sitemaps/functional-specification/
  classification:
    cpe: cpe:2.3:a:yoast:yoast_seo:*:*:*:*:wordpress:*:*:*
  metadata:
    verified: true
    max-request: 1
    vendor: yoast
    product: yoast_seo
    google-query: inurl:"/author-sitemap.xml"
  tags: wp,wp-plugin,wordpress,username,disclosure

http:
  - raw:
      - |
        @timeout: 15s
        GET /author-sitemap.xml HTTP/1.1
        Host: {{Hostname}}

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "<?xml"
          - "<lastmod>"
          - "<loc>"
        condition: and

      - type: word
        part: header
        words:
          - "application/xml"
          - "text/xml"

      - type: status
        status:
          - 200
# digest: 490a0046304402201f340633dd52cc98d5e66485d0017e2ecee71b7d98a670df6600f253da1cfa4f022026a75a0efd2d45b4c948f97a78c2ad59d3b65c2fb5e3531bf23c5ee294e0c7dd:922c64590222798bb761d5b6d8e72950