Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.
Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.
While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.
Severity: info
Fingerprint: 5733ddf49ff49cd1aad03549f28cbbbbd92336690e5f5b7cf01d900bc1651aa4
Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
GET /api/Compliance/summary
GET /api/Compliance/users/requiring-review
GET /api/Compliance/users/{userId}
GET /api/Diagnostic/environment
GET /api/companies
GET /api/companies/{id}
GET /api/licenses
GET /api/licenses/types
GET /api/licenses/user/{userId}
GET /api/rewards/types
GET /api/rewards/types/company/{companyId}
GET /api/rewards/types/{id}
GET /api/roles
GET /api/roles/permissions
GET /api/roles/{id}
GET /api/users/admins
GET /api/users/customers
GET /api/users/me
GET /api/users/with-license-counts
GET /api/users/{id}
GET /email-templates
GET /email-templates/{id}
PATCH /api/Auth/login/verify
PATCH /api/Auth/register/resend
PATCH /api/Auth/register/verify
POST /api/Auth/forgot-password
POST /api/Auth/forgot-password/validate-code
POST /api/Auth/login
POST /api/Auth/logout
POST /api/Auth/refresh
POST /api/Auth/register
POST /api/Compliance/sync
POST /api/Compliance/users/{userId}/clear
POST /api/Compliance/users/{userId}/reject
POST /api/support/submit
POST /api/users
POST /email-templates/{id}/send
Open service 194.1.147.64:443 · www.salvoriasservices.com
2026-01-23 12:05
HTTP/1.1 301 Moved Permanently Date: Fri, 23 Jan 2026 12:05:51 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: close X-Powered-By: PHP/8.1.34 X-Redirect-By: WordPress Location: https://salvoriasservices.com/ Vary: Accept-Encoding,Origin WPX: 1 X-turbo-charged-by: LiteSpeed X-Edge-Location: WPX CLOUD/FF02 alt-svc: h3=":443"; ma=86400 x-quic: h3 Server: WPX CLOUD/FF02 X-Cache-Status: MISS
Open service 194.1.147.64:443 · salvoriasservices.com
2026-01-23 05:07
HTTP/1.1 200 OK Date: Fri, 23 Jan 2026 05:07:18 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding Vary: Accept-Encoding X-Powered-By: PHP/8.1.34 Link: <https://salvoriasservices.com/wp-json/>; rel="https://api.w.org/" Link: <https://salvoriasservices.com/wp-json/wp/v2/pages/22>; rel="alternate"; title="JSON"; type="application/json" Link: <https://salvoriasservices.com/>; rel=shortlink Vary: Accept-Encoding,Origin WPX: 1 X-turbo-charged-by: LiteSpeed X-Edge-Location: WPX CLOUD/LON01 cache-control: public,max-age=3600,stale-while-revalidate=21600 alt-svc: h3=":443"; ma=86400 x-quic: h3 Server: WPX CLOUD/LON01 X-Cache-Status: MISS