Plugin outputs sensitive information

  • Just viewed the source code of website with plugin installed, and was shocked after seeing that plugin outputs very sensitive information in every page.

    Not only it outputs WP version, but also displays PHP version installed on server.

    window.addthis_plugin_info={"info_status":"enabled","cms_name":"WordPress","plugin_name":"Share Buttons by AddThis","plugin_version":"6.1.0","plugin_mode":"WordPress","anonymous_profile_id":"wp-92f0ed974ca68c2c06a28890de761614","php_version":"5.6.31","cms_version":"4.8.1","page_info":{"template":"home","post_type":""},"sharing_enabled_on_post_via_metabox":false};}

    WTF???

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Contributor Leland

    (@addthisleland)

    Hi @lipskas,

    The PHP version is only displayed when you are a logged in admin user. This is so we have data about what PHP versions our users use so we can create the best experience possible.

    Thanks,
    Leland
    Support Engineer | AddThis

    Thread Starter lipskas

    (@lipskas)

    Ok, that makes sense. Thanks for the explanation.

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Plugin outputs sensitive information’ is closed to new replies.