Information Disclosure: WordPress RDF Feed Users Exposed

Identifier: wordpress_rdf_feed_user_exposed

Scanner(s) Support

GraphQL Scanner, REST Scanner, WebApp Scanner, ASM Scanner

Description

The WordPress RDF (RSS 1.0) feed served at /feed/rdf/ is readable without authentication and carries per-post metadata, including the author of each post (the dc:creator element). An attacker can harvest these author names to enumerate valid user accounts and then target them, for example with password guessing or phishing. Note that the feed exposes the account's display name rather than its login; since WordPress defaults the display name to the login name when an account is created, the two frequently coincide.

How we test: We request the /feed/rdf/ endpoint without authentication (no cookies or authorization header) and inspect the response. The finding is reported when the response is an RDF feed whose items disclose post metadata and author details, that is, user information that could be used for enumeration.
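The check described above, written out as an added example (this is illustrative code, not the scanner's own implementation): it parses an RDF feed body, collects the author name from each item's dc:creator element, and reports the finding only when at least one name is disclosed. The sample feed, the fetch helper, and the function names (extract_authors, is_exposed, fetch_rdf_feed) are all constructed for this example.

```python
import xml.etree.ElementTree as ET
from urllib.request import Request, urlopen

# Namespaces used by the WordPress RDF (RSS 1.0) feed.
NS = {
    "rdf": "http://www.w3.org/1999/02/22-rdf-syntax-ns#",
    "rss": "http://purl.org/rss/1.0/",
    "dc": "http://purl.org/dc/elements/1.1/",
}

# Constructed sample feed (not captured from a real site), shaped like a
# WordPress /feed/rdf/ response: each <item> carries a <dc:creator>
# element holding the post author's display name.
SAMPLE_RDF = """<?xml version="1.0" encoding="UTF-8"?>
<rdf:RDF xmlns="http://purl.org/rss/1.0/"
  xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
  xmlns:dc="http://purl.org/dc/elements/1.1/">
  <channel rdf:about="https://blog.example/feed/rdf/">
    <title>Example Blog</title>
  </channel>
  <item rdf:about="https://blog.example/2024/01/hello-world/">
    <title>Hello world</title>
    <link>https://blog.example/2024/01/hello-world/</link>
    <dc:creator><![CDATA[alice]]></dc:creator>
    <dc:date>2024-01-01T10:00:00Z</dc:date>
  </item>
  <item rdf:about="https://blog.example/2024/01/second-post/">
    <title>Second post</title>
    <link>https://blog.example/2024/01/second-post/</link>
    <dc:creator><![CDATA[bob]]></dc:creator>
    <dc:date>2024-01-02T10:00:00Z</dc:date>
  </item>
  <item rdf:about="https://blog.example/2024/01/third-post/">
    <title>Third post</title>
    <link>https://blog.example/2024/01/third-post/</link>
    <dc:creator><![CDATA[alice]]></dc:creator>
    <dc:date>2024-01-03T10:00:00Z</dc:date>
  </item>
</rdf:RDF>
"""


def extract_authors(rdf_xml: str) -> dict:
    """Map each disclosed author name to the links of the posts it authored.

    Raises ValueError when the body parses as XML but is not an RDF feed
    (for instance an HTML 404 page), and ET.ParseError when it is not XML.
    """
    root = ET.fromstring(rdf_xml)
    if root.tag != "{%s}RDF" % NS["rdf"]:
        raise ValueError("not an RDF feed: root element is %s" % root.tag)
    authors = {}
    for item in root.findall("rss:item", NS):
        creator = item.findtext("dc:creator", default="", namespaces=NS).strip()
        link = item.findtext("rss:link", default="", namespaces=NS).strip()
        if creator:
            authors.setdefault(creator, []).append(link)
    return authors


def is_exposed(rdf_xml: str) -> bool:
    """The finding fires only when at least one author name is disclosed."""
    try:
        return bool(extract_authors(rdf_xml))
    except (ET.ParseError, ValueError):
        return False


def fetch_rdf_feed(base_url: str, timeout: float = 10.0) -> str:
    """Unauthenticated GET of <site>/feed/rdf/ (no cookies, no auth header).

    Network helper for use against a real target; the offline demo below
    works on SAMPLE_RDF instead and never calls it.
    """
    req = Request(base_url.rstrip("/") + "/feed/rdf/",
                  headers={"User-Agent": "rdf-feed-check/1.0"})
    with urlopen(req, timeout=timeout) as resp:
        charset = resp.headers.get_content_charset() or "utf-8"
        return resp.read().decode(charset, errors="replace")


if __name__ == "__main__":
    found = extract_authors(SAMPLE_RDF)
    for name, links in found.items():
        print(f"{name}: {len(links)} post(s)")
    print("exposed" if is_exposed(SAMPLE_RDF) else "not exposed")
```

A feed that contains items but no dc:creator elements is treated as not exposed, and a non-XML or non-RDF response (an HTML error page, a redirect target) is rejected rather than reported, so the check does not fire on a site that has disabled feeds.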

Configuration

Example

Example configuration:

---
security_tests:
  wordpress_rdf_feed_user_exposed:
    skip: false

Reference

skip

Type : boolean

Skip the test if true.