Sensitive Data: WordPress Wordfence 7.4.5 - Local File Inclusion¶
Identifier:
wordpress_wordfence_lfi
Scanner(s) Support¶
| GraphQL Scanner | REST Scanner | WebApp Scanner | ASM Scanner |
|---|---|---|---|
Description¶
WordPress Wordfence 7.4.5 is vulnerable to local file inclusion, allowing attackers to read sensitive files from the server.
How we test: We test for local file inclusion vulnerabilities in WordPress Wordfence by injecting file path payloads and analyzing responses to detect if local files can be read and their contents exposed.
Reference:
- https://www.exploit-db.com/exploits/48061
- https://www.nmmapper.com/st/exploitdetails/48061/42367/wordpress-plugin-wordfence745-local-file-disclosure/
Configuration¶
Example¶
Example configuration:
Reference¶
skip¶
Type : boolean
Skip the test if true.