WordPress User Registration Panel - Detect
ID: wp-registration-enabled
Severity: info
Author: tess,DhiyaneshDK
Tags: wordpress,wp,misconfig
Description
Section titled “Description”WordPress user registration is currently configured so that anyone can register as a user, thereby enabling an attacker to possibly access sensitive data and execute unathorized operations.
YAML Source
Section titled “YAML Source”id: wp-registration-enabled
info: name: WordPress User Registration Panel - Detect author: tess,DhiyaneshDK severity: info description: | WordPress user registration is currently configured so that anyone can register as a user, thereby enabling an attacker to possibly access sensitive data and execute unathorized operations. remediation: | Disable user registration if not needed. To do so, log in as an administrator and go to Settings -> General and uncheck "Anyone can register." reference: - https://www.acunetix.com/vulnerabilities/web/wordpress-user-registration-enabled/ classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N cvss-score: 0 cwe-id: CWE-200 metadata: verified: true max-request: 1 tags: wordpress,wp,misconfig
http: - method: GET path: - "{{BaseURL}}/wp-login.php"
matchers-condition: and matchers: - type: word part: body words: - '?action=register"'
- type: word part: header words: - 'text/html'
- type: status status: - 200# digest: 4a0a00473045022004dd299a7e48839a515f30e920fc4bc63eef16eb7ef933d5c25c27012c029cf502210098c6d8757ca7e4c7e44efc4ba836bb2c19bb9437eca3095d80d1c6b8a872043b:922c64590222798bb761d5b6d8e72950Guide to check the vulnerabilities
Section titled “Guide to check the vulnerabilities”This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.
$ nuclei -u "URL" -t "http/misconfiguration/wp-registration-enabled.yaml"