Skip to main content

Remediation Steps

Follow the steps below to remediate this finding on WordPress.

  1. Avoid building file paths from user input in custom themes and plugins.

  2. Use WordPress file API functions (get_template_directory(), WP_Filesystem) rather than raw PHP filesystem functions.

  3. Sanitise any path components with sanitize_file_name() before use.

  4. Review plugin settings that allow file path configuration and restrict them to expected directories.

Back to top