From 356b14b975039706f4fd7f4f5db5b114cd75f14e Mon Sep 17 00:00:00 2001
From: Andres Riancho <self@andresriancho.com>
Date: Thu, 24 May 2018 11:40:54 -0300
Subject: [PATCH] Fix #16999

---
 w3af/plugins/crawl/wordpress_fullpathdisclosure.py | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/w3af/plugins/crawl/wordpress_fullpathdisclosure.py b/w3af/plugins/crawl/wordpress_fullpathdisclosure.py
index 98c10aba8e..742dd60474 100644
--- a/w3af/plugins/crawl/wordpress_fullpathdisclosure.py
+++ b/w3af/plugins/crawl/wordpress_fullpathdisclosure.py
@@ -78,16 +78,17 @@ def _extract_paths(self, domain_path):
         TODO: Will fail if WordPress is running on a Windows server due to
               paths manipulation.
         """
-        theme_paths = []
         wp_root_response = self._uri_opener.GET(domain_path, cache=True)
 
         if is_404(wp_root_response):
-            return
+            return []
 
+        theme_paths = []
         response_body = wp_root_response.get_body()
 
         theme_regexp = '%swp-content/themes/(.*)/style.css' % domain_path
         theme = re.search(theme_regexp, response_body, re.IGNORECASE)
+
         if theme:
             theme_name = theme.group(1)
             for fname in ('header', 'footer'):