get_vulnerabilities(); $config_files = str_replace( ABSPATH, '', glob( ABSPATH . 'wp-config.*' ) ); foreach ( $config_files as $config_file ) { if ( 'wp-config.php' === $config_file ) continue; // Ignore wp-config.php file. $path = ABSPATH . $config_file; $url = esc_url( get_site_url() . '/' . $config_file ); if ( file_exists( $path ) ) { $response = wp_remote_head( $url, array( 'timeout' => 5 ) ); $code = wp_remote_retrieve_response_code( $response ); if ( 200 === $code ) { $this->add_vulnerability( __( 'A publicly accessible wp-config.php backup file was found in', 'wpscan' ) . " $url.", 'high', sanitize_title( $path ), 'https://blog.wpscan.com/2021/04/01/wordpress-wp-config-backup-file.html' ); } } } } }