Sensitive Data: WordPress Wordfence 7.4.5 - Local File Inclusion¶

Identifier: wordpress_wordfence_lfi

Scanner(s) Support¶

Description¶

WordPress Wordfence 7.4.5 is vulnerable to local file inclusion.

Reference:

• https://www.exploit-db.com/exploits/48061
• https://www.nmmapper.com/st/exploitdetails/48061/42367/wordpress-plugin-wordfence745-local-file-disclosure/

Configuration¶

Example¶

Example configuration:

---
security_tests:
  wordpress_wordfence_lfi:
    assets_allowed:
    - REST
    - GRAPHQL
    - WEBAPP
    skip: false

Reference¶

assets_allowed¶

Type : List[AssetType]*

List of assets that this check will cover.

skip¶

Type : boolean

Skip the test if true.