WordPress.org

Make WordPress Core

#44700 closed defect (bug) (duplicate)

Full path disclosure on rss-functions.php

Reported by: damithruwan1234 Owned by:
Milestone: Priority: normal
Severity: normal Version:
Component: General Keywords:
Focuses: Cc:
PR Number:

Description

I was running some security test on my WordPress ditr and noticed that all of them have a full path disclosure on the following url.

https://mydomains.com/wp-includes/rss-functions.php

Change History (1)

#1 @swissspidy
16 months ago

  • Milestone Awaiting Review deleted
  • Resolution set to duplicate
  • Status changed from new to closed

Hey there

This has come up many times before, for example in #36177, #30806, and most recently in #44663.

Path disclosure is a server configuration problem. Never enable display_errors on a production site. See Security FAQ.

Note: See TracTickets for help on using tickets.