WordPress XML-RPC listMethods Exposure

The WordPress XML-RPC system.listMethods method exposes the names of standard and custom methods.

  • wordpress
  • xml-rpc
  • listmethods
  • exposure

XML-RPC system.listMethods is used to view a list of available methods that may be called on the remote system.

Impact

Attackers can use this information to launch various types of attacks against a vulnerable WordPress installation. For example, it is possible to enumerate the installed blogs as well as users.

Solution

Consider disabling system.listMethods by using XML-RPC method filters.
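To confirm that a method filter took effect on your own site, the reply to system.listMethods can be audited offline. The following is an added example, not code from this page or from WordPress; the sample responses are constructed, `myplugin.sync` is a hypothetical custom method, and the fault code in the second sample is an assumed value.

```python
import xmlrpc.client

# Methods tied to the impact described above (blog and user enumeration).
ENUMERATION_METHODS = {"wp.getUsersBlogs", "wp.getUsers", "wp.getAuthors",
                       "blogger.getUsersBlogs"}
# Namespaces shipped with WordPress core; anything else is reported as custom.
CORE_PREFIXES = ("system.", "wp.", "blogger.", "metaWeblog.", "mt.",
                 "pingback.", "demo.")

def build_request() -> bytes:
    """XML-RPC request body for system.listMethods (takes no parameters)."""
    return xmlrpc.client.dumps((), methodname="system.listMethods").encode()

def audit_response(body: str) -> dict:
    """Classify the server's reply to system.listMethods."""
    try:
        params, _ = xmlrpc.client.loads(body)
    except xmlrpc.client.Fault as fault:
        # A fault means the call was refused: the method list is not exposed.
        return {"exposed": False, "fault": fault.faultCode,
                "enumeration": [], "custom": []}
    methods = sorted(params[0])
    return {
        "exposed": True,
        "fault": None,
        "enumeration": [m for m in methods if m in ENUMERATION_METHODS],
        "custom": [m for m in methods if not m.startswith(CORE_PREFIXES)],
    }

# Constructed sample: reply from a site that still answers system.listMethods.
SAMPLE_EXPOSED = xmlrpc.client.dumps(
    (["system.listMethods", "wp.getUsersBlogs", "wp.getUsers",
      "pingback.ping", "myplugin.sync"],),
    methodresponse=True)

# Constructed sample: reply after the method has been filtered out
# (fault code and message are assumed values for illustration).
SAMPLE_FILTERED = xmlrpc.client.dumps(
    xmlrpc.client.Fault(-32601, "requested method does not exist"),
    methodresponse=True)

if __name__ == "__main__":
    for name, body in (("exposed", SAMPLE_EXPOSED), ("filtered", SAMPLE_FILTERED)):
        print(name, audit_response(body))
```

The body from `build_request()` is what would be sent as an HTTP POST to the site's XML-RPC endpoint; pass the reply text to `audit_response()`.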
