?bfa_ata_file=css Source Code Disclosure
Hi Folks!
WP 3.1.4 ATA 3.6.7 > All 3.6.7 Bug Fixes employed. > CSS is set to External. I've just had scan result from WebsiteDefender: ALERT Source code disclosure (http://www.xxxxxx/?bfa_ata_file=css) http://www.xxxxxx/?bfa_ata_file=css <?php bloginfo('template_directory');?> Source code patterns were found on this page. The source code of server-side scripts helps an attacker to better understand the logic behind the Web application and may help him conduct further attacks. EDIT: 1) On 3.6.4. site(s) - having run WebsiteDefender - this issue does not occur. 2) Only, seemingly, occurs on 3.6.7 site (with the 3.6.7 bug fixes employed). [By the way, I have NOT, ever, used the plugins AddThis, WP Touch or W3 Total Cache - on any site] |
was the site in 3.6.4 using CSS external or internal?
|
Quote:
EDIT: Actually, just had a look and the 3.6.4 site is using CSS inline/internal. |
Simply wish to include this reference link, so as to come back to later.
CSS all dumped into the <head> of the files. Why? . |
All times are GMT -6. The time now is 10:10 PM. |
Powered by vBulletin® Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.