Information Disclosure: WordPress wp-cron Exposed

Identifier: wordpress_wp_cron_exposed

Scanner(s) Support

GraphQL Scanner REST Scanner WebApp Scanner ASM Scanner

Description

The WordPress wp-cron.php endpoint is exposed and accepts unauthenticated requests that trigger WordPress scheduled tasks. If the endpoint is abused, this can cause performance degradation or denial of service.

How we test: We attempt to access the /wp-cron.php endpoint without authentication and analyze responses to detect if scheduled tasks can be invoked externally. We check if the endpoint is accessible and if it allows unauthenticated requests that could be exploited for resource exhaustion.
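
As a defender-side complement to the check described above, the following added example (not part of the scanner or of the original page) reads web-server access logs and reports whether clients outside the site itself are getting successful responses from /wp-cron.php. It assumes the common/combined log format; the log lines, the site address 203.0.113.10, the function names and the `burst` threshold are constructed for illustration.

```python
import re
from collections import Counter
from ipaddress import ip_address, ip_network

# Assumption: addresses the site itself uses. WordPress triggers its own cron
# with a loopback HTTP request to wp-cron.php, so these are expected callers.
SELF_NETS = [ip_network(n) for n in ("127.0.0.0/8", "::1/128", "203.0.113.10/32")]

# Common/combined access-log prefix: client IP, timestamp, request line, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (?P<target>\S+) [^"]*" (?P<status>\d{3}) ')

# Constructed sample log lines (documentation address ranges only).
SAMPLE_LOG = """\
203.0.113.10 - - [10/Mar/2025:10:00:01 +0000] "POST /wp-cron.php?doing_wp_cron=1741600801.12 HTTP/1.1" 200 0 "-" "WordPress/6.4"
198.51.100.7 - - [10/Mar/2025:10:00:05 +0000] "GET /wp-cron.php HTTP/1.1" 200 0 "-" "curl/8.5.0"
198.51.100.7 - - [10/Mar/2025:10:00:05 +0000] "GET /wp-cron.php HTTP/1.1" 200 0 "-" "curl/8.5.0"
198.51.100.7 - - [10/Mar/2025:10:00:06 +0000] "GET /wp-cron.php HTTP/1.1" 200 0 "-" "curl/8.5.0"
192.0.2.44 - - [10/Mar/2025:10:01:00 +0000] "GET /wp-cron.php HTTP/1.1" 403 153 "-" "Mozilla/5.0"
192.0.2.45 - - [10/Mar/2025:10:02:00 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
"""

def external_cron_hits(log_text, self_nets=SELF_NETS):
    """Count wp-cron.php requests per external client: (served 2xx, refused)."""
    served, refused = Counter(), Counter()
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m or not m["target"].split("?", 1)[0].endswith("/wp-cron.php"):
            continue
        try:
            ip = ip_address(m["ip"])
        except ValueError:  # hostname or malformed client field
            continue
        if any(ip in net for net in self_nets):
            continue  # the site's own scheduler call
        (served if m["status"].startswith("2") else refused)[str(ip)] += 1
    return served, refused

def findings(log_text, burst=3):
    """Summarise exposure; `burst` is an assumed per-client alert threshold."""
    served, refused = external_cron_hits(log_text)
    return {
        "exposed": bool(served),  # any external request answered with 2xx
        "noisy_clients": sorted(ip for ip, n in served.items() if n >= burst),
        "refused_clients": sorted(refused),
    }

if __name__ == "__main__":
    print(findings(SAMPLE_LOG))
```

If the site sits behind a reverse proxy or CDN, the client field in the log must be the forwarded address for the self/external split to be meaningful.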

Configuration

Example

Example configuration:

---
security_tests:
  wordpress_wp_cron_exposed:
    skip: false

Reference

skip

Type: boolean

Skip the test if true.