Wordpress Themes - WP Forum at BFA
There will be no more development for Atahualpa (or any other theme), and no support. Also no new registrations. I turned off the donation system. I may turn the forum to read only if it gets abused for spam. Unfortunately I have no time for the forum or the themes. Thanks a lot to the people who helped in all these years, especially Larry and of course: Paul. Take care and stay healthy -- Flynn, Atahualpa developer, Sep 2021

Wordpress Themes - WP Forum at BFA » WordPress Themes » Atahualpa 3 Wordpress theme » New Versions, & Updating »

?bfa_ata_file=css Source Code Disclosure

Old Jul 3, 2011, 09:51 AM
KatyDigg's Avatar
319 posts · Jul 2009
Hi Folks!

WP 3.1.4

ATA 3.6.7

> All 3.6.7 Bug Fixes employed.

> CSS is set to External.

I've just had scan result from WebsiteDefender:

ALERT Source code disclosure (http://www.xxxxxx/?bfa_ata_file=css)

<?php bloginfo('template_directory');?>

Source code patterns were found on this page. The source code of server-side scripts helps an attacker to better understand the logic behind the Web application and may help him conduct further attacks.


1) On 3.6.4. site(s) - having run WebsiteDefender - this issue does not occur.

2) Only, seemingly, occurs on 3.6.7 site (with the 3.6.7 bug fixes employed).

[By the way, I have NOT, ever, used the plugins AddThis, WP Touch or W3 Total Cache - on any site]

Last edited by KatyDigg; Jul 4, 2011 at 03:54 AM. Reason: update - edit in
Old Jul 4, 2011, 07:01 AM
juggledad's Avatar
23,765 posts · Mar 2009
OSX 10.11.5 WP 4.x Atahualpa(all) Safari, Firefox, Chrome
was the site in 3.6.4 using CSS external or internal?
"Tell me and I forget, teach me and I may remember, involve me and I learn." - Benjamin Franklin
Juggledad | Forum Moderator/Support
Old Jul 4, 2011, 08:29 AM
KatyDigg's Avatar
319 posts · Jul 2009
Originally Posted by juggledad
was the site in 3.6.4 using CSS external or internal?
Ah, good point, Juggledad, I'll away and find out right now.


Actually, just had a look and the 3.6.4 site is using CSS inline/internal.

Last edited by KatyDigg; Jul 4, 2011 at 08:37 AM. Reason: 3.6.4 site is using CSS inline/internal
Old Jul 11, 2011, 04:38 AM
KatyDigg's Avatar
319 posts · Jul 2009
Simply wish to include this reference link, so as to come back to later.

CSS all dumped into the <head> of the files. Why?



css, source code disclosure, websitedefender, wp security scan

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Similar Threads
Thread Thread Starter Forum Replies Last Post
Problem with editing source code... RJelley Atahualpa 3 Wordpress theme 5 Mar 22, 2011 01:05 PM
[SOLVED] Source code prooffairy Plugins & Atahualpa 2 Nov 9, 2010 10:12 AM
How do I splice two images into one header in the atahualpa source code? carlos123 Header configuration & styling 4 Aug 15, 2010 04:12 PM
Output HTML source code is bloated islandman Header configuration & styling 3 Sep 18, 2009 10:38 AM
Style from source to CSS stylesheet file? kartun11 Atahualpa 3 Wordpress theme 3 Feb 12, 2009 05:35 PM

All times are GMT -6. The time now is 11:15 AM.

Powered by vBulletin® Copyright ©2000 - 2023, Jelsoft Enterprises Ltd.