Pretty sure all the PHP code should only exist server-side, so we shouldn't be able to see it, even though there's no closing PHP tag. And I'm no crypto expert but I think the nonce value should be different each time you reload the page if it's being used like nonce's are generally supposed to be used in cryptography. This may or may not be a vulnerability, kinda looks like someone got half way through putting something together on this page then forgot about it.
Pretty sure all the PHP code should only exist server-side, so we shouldn't be able to see it, even though there's no closing PHP tag. And I'm no crypto expert but I think the nonce value should be different each time you reload the page if it's being used like nonce's are generally supposed to be used in cryptography. This may or may not be a vulnerability, kinda looks like someone got half way through putting something together on this page then forgot about it.
EDIT: I don't know jack about wordpress.
Ok. I'm not knowledgeable about WP, but I was curious since I read that some tech people thought that this was a risk, so figured I'd ask here.
I was wondering if they were trying to follow up on Twitter's meltdown from two days ago!