WordPress.org

[Resolved] aioseopadmin.pluginPath may be a security risk

  • Using plugin version (2.0.4.1)

    on admin pages, the plugin defines

    var aioseopadmin = {
    ...

    in a <script> tag in the DOM. The pluginPath property has the full PATH to the file system location where the plugin lives.

    Most system admins will consider such a disclosure a security risk. I changed the following line in aioseop_functions.php from

    pluginPath: "<?php print AIOSEOP_PLUGIN_DIR; ?>",

    to

    pluginPath: "<?php print AIOSEOP_PLUGIN_BASENAME; ?>",

    since the value seems to be completely unused anyway.

    Please consider removing that value.

    https://wordpress.org/plugins/all-in-one-seo-pack/

  • The topic ‘[Resolved] aioseopadmin.pluginPath may be a security risk’ is closed to new replies.
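
A check for the disclosure described in the post above, as an added example that is not part of the original thread or the plugin's code: it scans the inline scripts of a rendered admin page for string values that look like absolute server filesystem paths. The path prefixes in `PATH_PATTERNS`, the function names and the two sample pages are assumptions constructed for illustration.

```javascript
// Heuristic patterns for absolute filesystem paths (assumed prefixes, tune per host).
const PATH_PATTERNS = [
  /^\/(?:var|home|srv|usr|opt|www|data)\/\S+/, // common Unix web roots
  /^[A-Za-z]:[\\/]\S+/,                        // Windows drive paths
];

// Return the bodies of inline <script> elements (those without a src attribute).
function inlineScripts(html) {
  const out = [];
  const re = /<script\b([^>]*)>([\s\S]*?)<\/script>/gi;
  let m;
  while ((m = re.exec(html)) !== null) {
    if (!/\bsrc\s*=/i.test(m[1])) out.push(m[2]);
  }
  return out;
}

// Extract quoted string literals and undo the escaping of "/" and "\"
// (json_encode-style "\/" would otherwise hide a path from the patterns).
function stringLiterals(js) {
  const out = [];
  const re = /"((?:[^"\\\n]|\\.)*)"|'((?:[^'\\\n]|\\.)*)'/g;
  let m;
  while ((m = re.exec(js)) !== null) {
    const raw = m[1] !== undefined ? m[1] : m[2];
    out.push(raw.replace(/\\([\\/])/g, "$1"));
  }
  return out;
}

// Return every inline-script string value that matches a filesystem path pattern.
function findPathLeaks(html) {
  const leaks = [];
  for (const js of inlineScripts(html)) {
    for (const s of stringLiterals(js)) {
      if (PATH_PATTERNS.some((p) => p.test(s))) leaks.push(s);
    }
  }
  return leaks;
}

// Constructed sample pages: an absolute directory versus a plugin-relative value.
const before = '<script>var aioseopadmin = { pluginPath: "/var/www/html/wp-content/plugins/all-in-one-seo-pack/" };</script>';
const after = '<script>var aioseopadmin = { pluginPath: "all-in-one-seo-pack/plugin-file.php" };</script>';
console.log(findPathLeaks(before), findPathLeaks(after));
```

Run it against the saved HTML of each admin screen after a plugin update; URL paths such as `/wp-admin/admin-ajax.php` are not flagged because only filesystem-style prefixes match.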