Wordpress XML-RPC listMethods Exposure
The Wordpress XML-RPC system.listMethods exposes standard and custom methods.
XML-RPC system.listMethods is used to view a list of available methods that may be called on the remote system.
Attackers can use this information to launch various types of attacks against a vulnerable Wordpress installation. For example, it is possible to enumerate the installed blogs as well as users.
Consider disabling system.listMethods by using XML-RPC method filters.
Was this page helpful?