get_vulnerabilities();
$url = get_site_url() . '/xmlrpc.php';
// First check if the xmlrpc.php file returns a 405 code.
$is_available = wp_remote_get( $url, array( 'timeout' => 5 ) );
$is_available_code = wp_remote_retrieve_response_code( $is_available );
if ( 405 !== $is_available_code ) return;
// Try an authenticated request.
$authenticated_body = 'wp.getUsers1usernamepassword';
$authenticated_response = wp_remote_post( $url, array( 'body' => $authenticated_body ) );
if ( is_wp_error( $authenticated_response ) ) {
// The authenticated_response returned a WP_Error.
error_log( $authenticated_response->get_error_message() );
} else {
if ( preg_match( '/Incorrect username or password.<\/string>/', $authenticated_response['body'] ) ) {
$this->add_vulnerability( __( 'The XML-RPC interface is enabled. This significantly increases your site\'s attack surface.', 'wpscan' ), 'medium', sanitize_title( $url ), 'https://blog.wpscan.com/2021/01/25/wordpress-xmlrpc-security.html' );
return;
} else {
// Try an unauthenticated request.
$unauthenticated_body = 'demo.sayHello';
$unauthenticated_response = wp_remote_post( $url, array( 'body' => $unauthenticated_body ) );
if ( preg_match( '/Hello!<\/string>/', $unauthenticated_response['body'] ) ) {
$this->add_vulnerability( __( 'The XML-RPC interface is partly disabled, but still allows unauthenticated requests.', 'wpscan' ), 'low', sanitize_title( $url ), 'https://blog.wpscan.com/2021/01/25/wordpress-xmlrpc-security.html' );
}
}
}
}
}