Resource Limitation: WordPress xmlrpc.php Exposed
Identifier: wordpress_xmlrpc_php_exposed
Scanner(s) Support
| GraphQL Scanner | REST Scanner | WebApp Scanner | ASM Scanner |
|---|---|---|---|
Description
WordPress xmlrpc.php endpoint exposure allows unauthenticated access to the XML-RPC interface, enabling attackers to perform brute-force login attempts, resource-intensive pingbacks, or denial-of-service attacks.
How we test: We attempt to access the /xmlrpc.php endpoint without authentication and analyze responses to detect if the XML-RPC interface is exposed. We check if the endpoint is accessible and if it allows unauthenticated requests that could be abused for attacks.
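The check described above can be sketched as a classifier over the response to an unauthenticated `system.listMethods` call. This is an added example, not the scanner's own code; the function name, the verdict fields, the `REVIEW_METHODS` shortlist and the sample responses are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Request body such a check would POST to /xmlrpc.php with no credentials.
LIST_METHODS_CALL = (b'<?xml version="1.0"?><methodCall>'
                     b"<methodName>system.listMethods</methodName><params/></methodCall>")

# Assumption of this example: advertised methods worth reviewing because they
# relate to the pingback and login-guessing abuse described above.
REVIEW_METHODS = {"pingback.ping", "system.multicall"}
METHOD_PATH = "./params/param/value/array/data/value/string"


def classify_xmlrpc(status: int, body: bytes) -> dict:
    """Classify the unauthenticated response to LIST_METHODS_CALL."""
    verdict = {"exposed": False, "reason": "", "methods": [], "review": []}
    if status != 200:
        verdict["reason"] = f"HTTP {status}: endpoint blocked, absent or erroring"
        return verdict
    # Response bodies are untrusted input: refuse anything carrying a DTD.
    if b"<!DOCTYPE" in body or b"<!ENTITY" in body:
        verdict["reason"] = "body carries a DTD; not parsed"
        return verdict
    try:
        root = ET.fromstring(body)
    except ET.ParseError:
        verdict["reason"] = "HTTP 200 but body is not XML (soft 404 or block page)"
        return verdict
    if root.tag != "methodResponse":
        verdict["reason"] = "XML, but not an XML-RPC methodResponse"
        return verdict
    if root.find("fault") is not None:
        verdict["reason"] = "XML-RPC fault: interface answers but refused the call"
        return verdict
    methods = sorted(e.text for e in root.findall(METHOD_PATH) if e.text)
    verdict["exposed"] = bool(methods)
    verdict["methods"] = methods
    verdict["review"] = [m for m in methods if m in REVIEW_METHODS]
    verdict["reason"] = ("method list returned without authentication"
                         if methods else "empty method list")
    return verdict


# Constructed sample responses (not captured from a real site).
_NAMES = (b"system.multicall", b"system.listMethods", b"pingback.ping", b"wp.getUsersBlogs")
EXPOSED = (b'<?xml version="1.0" encoding="UTF-8"?><methodResponse><params><param>'
           b"<value><array><data>"
           + b"".join(b"<value><string>" + n + b"</string></value>" for n in _NAMES)
           + b"</data></array></value></param></params></methodResponse>")
FAULT = b"<methodResponse><fault><value><struct/></value></fault></methodResponse>"
BLOCK_PAGE = b"<html><body>Request blocked<br></body></html>"
```

A non-empty `review` list in the verdict indicates which advertised methods to restrict or disable first.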
Configuration
Example
Example configuration:
Reference
skip
Type: boolean
Skip the test if true.