H3-2025-0021
Wordpress Directory Listing
| Category | SECURITY_MISCONFIGURATION |
| Base Score | 5.3 |
Description
Directory listing allows unauthorized users to view and access the contents of directories on the server directly through a web browser. An attacker could exploit this misconfiguration by navigating to directories that usually should not be visible and uncovering sensitive files, such as backup files, configuration files, or other documents that should not be publicly accessible.
Impact
Exploiting this misconfiguration could lead to an attacker obtaining sensitive information stored within the directories. This information might include configuration details, database credentials, or other confidential data which could be used to further compromise the website or server.