Skip to content

Information Disclosure: WordPress wp-cron Exposed

Identifier: wordpress_wp_cron_exposed

Scanner(s) Support

GraphQL Scanner REST Scanner WebApp Scanner

Description

The issue arises when the wp-cron.php file is accessible without authentication, allowing external users to invoke WordPress scheduled tasks. This can potentially lead to performance degradation or a denial-of-service attack if the endpoint is bombarded with requests. This should be properly secured or restricted.

Configuration

Example

Example configuration:

---
security_tests:
  wordpress_wp_cron_exposed:
    assets_allowed:
    - REST
    - GRAPHQL
    - WEBAPP
    skip: false

Reference

assets_allowed

Type : List[AssetType]*

List of assets that this check will cover.

skip

Type : boolean

Skip the test if true.