The plug-in results in the following alert when a site using the plugin is scanned using Sucuri.net
WordPress internal path: [exact path description removed]… /wp-content/themes/[theme used]
I’ve removed the precise path and theme information for my own site, but you get the idea. The plug-in potentially makes a site more vulnerable to attacks by displaying the literal WordPress path and server information.
More about the seriousness of this issue can be found on the Sucuri.net website here:
Please resolve this issue or provide a suggestion to prevent it.
- The topic ‘[Plugin: WordPress File Monitor] Creates Potential Security Vulnerability’ is closed to new replies.