Is it normal that everything is plain browseable with a default installation?
Everyone can just look inside wp-content en see which themes, plugins en so on are installed.
And if you go to a theme file, then you have a full path disclosure.
full path: http://www.example.com/wp-content/default/index.php
I think that’s a serious security problem.
edit: sorry, wrong subforum….
- The topic ‘full path disclosure: security problem’ is closed to new replies.