The Web Service Definition Language (WSDL) file is a web services deployment descriptor that outlines the functionality provided by the web service, the expected syntax, the input, and output points, and the location to access the service. In effect, the WSDL file reveals the web services location, the methods it provides and assumptions it makes regarding input points. This information is a goldmine for threat actors with malicious intent.
WSDL Leakage refers to discovering non-public web services by retrieving their WSDL file. Once an attacker has access, they can extract endpoints from the WSDL file.