Description
During the scan, Cytrix managed to find the WordPress – Directory Listing vulnerability.
Directory listing allows a potential attacker to access and navigate through folders and files of the system. Any sensitive resources should be access-controlled, and should not be accessible to any unauthorized personal.
Exploiting the WordPress – Directory Listing, an attacker could guess the location of sensitive files using automated tools and access these files, this may lead to data being disclosed to him, which can cause further, more extensive damage.
Directory listing is a type of Web page that lists files and directories that exist on a Web server.
Organized to be navigated by clicking directory links, directory listings commonly have a title that describes the current directory, a list of files, and directories that can be clicked.
Severity/Score
Average Score – 5.3 Medium
Recommendation
Make sure that only authorized personal has access to this directory and hide all the records related to the files inside it.
References
https://cwe.mitre.org/data/definitions/548.html