• Resolved Pexle Chris

    (@pexlechris)


    Hello,

    I am the author of the free WP Adminer plugin. Yesterday I released an update of the plugin, and I also updated wp-content/plugins/pexlechris-adminer/inc/adminer.php in order to include the new Adminer version 4.8.4 in the plugin.

    And on one of my websites I get this message:

    File appears to be malicious or unsafe: wp-content/plugins/pexlechris-adminer/inc/adminer.php
    Filename: /var/www/wp-content/plugins/pexlechris-adminer/inc/adminer.php

    File Type: Not a core, theme, or plugin file from www.remarpro.com.

    Details: While this database administration tool is not malicious, versions below 4.7.0 have a vulnerability that can allow site takeover. We recommend you remove this file immediately.
    The matched text in this file is: if($_GET["file"]=="favicon.ico"){header("Content-Type: image/x-icon");echo\x0alzw_decompress(

    The issue type is: Suspicious:PHP/adminer.3653
    Description: Adminer database management tool

    Can you fix your API in order not to be recognized as malicious? And for future use, what should I do as a plugin author so that Wordfence does not characterize these files as malicious?

    Regards,

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Support wfpeter

    (@wfpeter)

    Hi @pexlechris, thank you for informing us about this.

    I couldn’t see a CVE ID or Wordfence Intelligence link to reference for 4.7.0 and earlier, so I think it’s best to contact our Threat Intelligence team directly at wfi-support @ wordfence . com to review the notice to confirm that the issue is patched.

    Many thanks,
    Peter.

    Plugin Support wfpeter

    (@wfpeter)

    Extra note for you and others who may reference this issue @pexlechris:

    We have removed the signature that detected this file from production. It should no longer detect these Adminer files. The reason the offending signature was in place was to warn users about a potentially vulnerable Adminer version, but there appear to have been some false positives that of course didn’t exist when the signature was originally released, but are surfacing now. We apologize for the confusion and thank you for bringing this to our attention.

    Peter.
