Support » Plugin: All in One SEO Pack » aioseopadmin.pluginPath may be a security risk

  • Resolved jorgeorpinel


    Using plugin version (

    on admin pages, the plugin defines

    var aioseopadmin = {

    in a <script> tag in the DOM. The pluginPath property has the full PATH to the file system location where the plugin lives.

    Most system admins will consider such a disclosure a security risk. I changed the following line in aioseop_functions.php from

    pluginPath: "<?php print AIOSEOP_PLUGIN_DIR; ?>",


    pluginPath: "<?php print AIOSEOP_PLUGIN_BASENAME; ?>",

    since the value seems to be completely unused anyway.

    Please consider removing that value.

Viewing 4 replies - 1 through 4 (of 4 total)
Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘aioseopadmin.pluginPath may be a security risk’ is closed to new replies.