Information Disclosure: WordPress oEmbed Endpoint Exposure
Identifier: wordpress_oembed_endpoint_exposed
Scanner(s) Support
| GraphQL Scanner | REST Scanner | WebApp Scanner | ASM Scanner |
|---|---|---|---|
Description
The WordPress oEmbed endpoint at /oembed/1.0/embed answers requests for embedded content from unauthenticated users, which can potentially lead to information leakage and post enumeration.
How we test: We attempt to access the /oembed/1.0/embed endpoint without authentication and analyze responses to detect if embedded content and metadata can be accessed. We check if the endpoint allows unauthenticated requests that could be used to enumerate posts or extract site metadata.
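The response analysis described above can be sketched as follows. This is an added example, not the scanner's own code: the function name assess_oembed_response, the SENSITIVE_FIELDS list and both sample responses are assumptions constructed for illustration, using field names from the oEmbed specification.

```python
import json

# Fields defined by the oEmbed spec that reveal site or author metadata.
SENSITIVE_FIELDS = ("author_name", "author_url", "title", "provider_name",
                    "provider_url", "thumbnail_url")


def assess_oembed_response(status, content_type, body):
    """Classify one unauthenticated response from the oEmbed endpoint.

    Returns a dict with 'exposed' (bool) and 'disclosed' (field -> value).
    """
    result = {"exposed": False, "disclosed": {}}
    # Anything other than a 200 JSON answer means no embed data was served.
    if status != 200 or "json" not in content_type.lower():
        return result
    try:
        doc = json.loads(body)
    except ValueError:
        return result
    # A valid oEmbed document is an object carrying "version" and "type".
    if not isinstance(doc, dict) or "type" not in doc or "version" not in doc:
        return result
    result["exposed"] = True
    result["disclosed"] = {k: doc[k] for k in SENSITIVE_FIELDS if doc.get(k)}
    return result


# Constructed sample responses (not captured from a real site).
SAMPLE_OPEN = json.dumps({
    "version": "1.0", "type": "rich",
    "provider_name": "Example Blog", "provider_url": "https://blog.example",
    "author_name": "jdoe", "author_url": "https://blog.example/author/jdoe/",
    "title": "Hello world", "width": 600, "height": 338,
    "html": "<blockquote>...</blockquote>",
})
SAMPLE_BLOCKED = json.dumps({"code": "rest_forbidden",
                             "message": "Sorry, you are not allowed to do that.",
                             "data": {"status": 401}})

if __name__ == "__main__":
    for name, status, body in (("open", 200, SAMPLE_OPEN),
                               ("blocked", 401, SAMPLE_BLOCKED)):
        print(name, assess_oembed_response(status, "application/json", body))
```

A 200 response that is not a valid oEmbed document (an HTML page, or a JSON error object) is reported as not exposed, so only responses that actually carry embed metadata are flagged.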
Configuration
Example
Example configuration:
Reference
skip
Type: boolean
Skip the test if true.