[wp-trac] [WordPress Trac] #61003: Direct access to .php files in /wp-includes is not protected out of the box
WordPress Trac
noreply at wordpress.org
Fri Apr 12 21:34:58 UTC 2024
#61003: Direct access to .php files in /wp-includes is not protected out of the box
--------------------------+------------------------
Reporter: teo8976 | Owner: (none)
Type: defect (bug) | Status: closed
Priority: normal | Milestone:
Component: Security | Version: 6.5
Severity: critical | Resolution: duplicate
Keywords: | Focuses:
--------------------------+------------------------
Changes (by SergeyBiryukov):
* status: new => closed
* resolution: => duplicate
* milestone: Awaiting Review =>
Comment:
Hi there, welcome back to WordPress Trac!
Thanks for the ticket, we're already tracking this issue in #18546.
For a bit more context, errors like this are considered a server
configuration issue rather than a security issue as per the
[https://make.wordpress.org/core/handbook/testing/reporting-security-
vulnerabilities/ Security FAQ]:
> ''' Why are there path disclosures when directly loading certain
files?'''
> This is a server configuration problem. Never enable `display_errors` on
a production site.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/61003#comment:1>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list