WordPress.org

Support

Support » Requests and Feedback » WordPress Security Bug:Display path and other Security info

WordPress Security Bug:Display path and other Security info

Viewing 3 replies - 1 through 3 (of 3 total)
  • esmi

    @esmi

    Forum Moderator

    That’s not a bug in my opinion. If you think you have found a security issue, please do not post it here but email all details to security@wordpress.org.

    Why would it matter that the full paths are show in plugins or themes?

    All WP installs have the same path to their theme and plugin directories.

    It takes a few seconds to find out what theme is installed on any WP site. I then just have to download the theme, and I have a full list of files in the theme directory of any site.

    Same goes for plugins. It’s not hard to guess what plugins a site has, and all I have to do is download the plugin, and i know the structure.

    How is that a bug?

    I could have pulled that fatal-error a lot of ways and gotten your path info. So long as your server is secure, you’re fine.

    If you twisted my arm, I’d say ‘It’s a PHP bug in that it discloses full server paths.’

    PS mine is /home/ipstenu/public_html/…..

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘WordPress Security Bug:Display path and other Security info’ is closed to new replies.
Skip to toolbar