Vulnerability Database

Wordpress XM-RPC listMethods Exposure

XML-RPC system.listMethods is used to view a list of available methods that may be called on the remote system.

Attackers can use this information to launch various types of attacks against a vulnerable Wordpress installation. For example, it is possible to enumerate the installed blogs as well as users.

Solution

Consider disabling system.listMethods by using XML-RPC method filters.

References

Ultimate

Enterprise
  • All Tools, Services, and Plans
  • Suitable For Enterprises
  • Single Sign-On Integration, Single Tenant
  • Dedicated Support, Custom Integrations
  • Annual or Monthly, Fixed-cost Billing