WordPress Security Bug:Display path and other Security info (4 posts)

  1. inaosoft
    Posted 5 years ago #

    The bug was found in current all version of wordpress.

    TEST BUG:http://www.mf8.com/wp-content/themes/blocks/

    Not only Themes show path,
    but also plugins do!!!
    TEST Plugin:http://www.mf8.com/wp-content/plugins/akismet/admin.php

    TEST Fixed:http://www.timer5.com/wp-content/themes/mi/

    WP team,It time to remove the "// Silence is golden."

    Some tome, Silence is not golden.


  2. esmi
    Forum Moderator
    Posted 5 years ago #

    That's not a bug in my opinion. If you think you have found a security issue, please do not post it here but email all details to security@wordpress.org.

  3. Rev. Voodoo
    Posted 5 years ago #

    Why would it matter that the full paths are show in plugins or themes?

    All WP installs have the same path to their theme and plugin directories.

    It takes a few seconds to find out what theme is installed on any WP site. I then just have to download the theme, and I have a full list of files in the theme directory of any site.

    Same goes for plugins. It's not hard to guess what plugins a site has, and all I have to do is download the plugin, and i know the structure.

  4. How is that a bug?

    I could have pulled that fatal-error a lot of ways and gotten your path info. So long as your server is secure, you're fine.

    If you twisted my arm, I'd say 'It's a PHP bug in that it discloses full server paths.'

    PS mine is /home/ipstenu/public_html/.....

Topic Closed

This topic has been closed to new replies.

About this Topic


No tags yet.