WordPress XML-RPC listMethods Exposure
The WordPress XML-RPC system.listMethods exposes standard and custom methods.
- wordpress
- xml-rpc
- listmethods
- exposure
XML-RPC system.listMethods is used to view a list of available methods that may be called on the remote system.
Impact
Attackers can use this information to launch various types of attacks against a vulnerable WordPress installation. For example, it is possible to enumerate the installed blogs as well as users.
Solution
Consider disabling system.listMethods by using XML-RPC method filters.
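To confirm that a method filter took effect, the following added example (not part of the original entry) serializes the system.listMethods call and classifies the server's reply. The allowlist, the sample replies and the method name myplugin.exportData are constructed assumptions for illustration.

```python
import xmlrpc.client
from xml.parsers.expat import ExpatError

# Assumption: the methods this site is meant to expose; adjust per deployment.
ALLOWED = {"wp.getPost", "wp.getPosts"}

def build_probe() -> bytes:
    """Body of the system.listMethods call to POST to the site's XML-RPC endpoint."""
    return xmlrpc.client.dumps((), methodname="system.listMethods").encode()

def audit_response(body: bytes, allowed: set) -> dict:
    """Classify a reply to build_probe(): is the method list still disclosed?"""
    try:
        params, _ = xmlrpc.client.loads(body)
    except xmlrpc.client.Fault as fault:
        # The server refused the call: listMethods is filtered or removed.
        return {"exposed": False, "detail": f"fault {fault.faultCode}", "unexpected": []}
    except (ExpatError, xmlrpc.client.ResponseError):
        # Not an XML-RPC reply at all, e.g. a block page from a proxy or web server.
        return {"exposed": False, "detail": "non-XML-RPC reply", "unexpected": []}
    listed = params[0] if params and isinstance(params[0], list) else []
    methods = [m for m in listed if isinstance(m, str)]
    # Anything listed but not on the allowlist still needs a filter.
    unexpected = sorted(m for m in methods if m not in allowed)
    return {"exposed": bool(methods),
            "detail": f"{len(methods)} methods listed",
            "unexpected": unexpected}

# Constructed sample replies (not captured from a real site).
SAMPLE_EXPOSED = xmlrpc.client.dumps(
    (["system.listMethods", "system.multicall", "wp.getUsersBlogs",
      "wp.getUsers", "wp.getPosts", "myplugin.exportData"],),
    methodresponse=True).encode()
SAMPLE_FILTERED = xmlrpc.client.dumps(
    xmlrpc.client.Fault(-32601, "requested method system.listMethods does not exist"),
    methodresponse=True).encode()

if __name__ == "__main__":
    print(build_probe().decode())
    for name, body in (("before filter", SAMPLE_EXPOSED),
                       ("after filter", SAMPLE_FILTERED)):
        print(name, audit_response(body, ALLOWED))
```

Run it against the reply from your own site before and after applying the filter; an empty "unexpected" list with "exposed" set to False means the listing is no longer disclosed.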