Information Disclosure - WordPress CMS

Jerry Shah (Jerry)
2 min readJan 26, 2020

Summary :

CMS stands for ‘Content Management System’. It allows you to control and manage the content within your website without technical training.

Many websites now a days is using WordPress CMS because WordPress CMS is simple and easy to use. Now the common mistake done by the developers here is that they don’t restrict some of the endpoints which can lead to information disclosure of the admin users.

How to find this vulnerability ?

  1. Go to any website that uses wordpress CMS (You can identify website technologies using wappalyzer )
Website using WordPress CMS

2. Right click on any image and click on view image

3. Now the following page will appear which will be having the URL : https://www.website.com/wp-content/uploads/2019/08/photo.png

4. Now edit the URL like https://www.webiste.com/wp-json/wp/v2/users

Admin Users
Admin Users

This is the most common vulnerability that is found in the websites using wordpress CMS. You can also check for https://www.website.com/wp-json/wp/v2/pages which will leak IP address - (It rarely happens).

Thank You :)

Instagram : jerry._.3

--

--

Jerry Shah (Jerry)

|Penetration Tester| |Hack The Box| |Digital Forensics| |Malware Analysis|