backdoor identified in your plugin
-
Hello,
can you please comment – i have found by the security plugin Security Ninja that your plugin code contains a backdoor:
wp-content/plugins/ajax-login-and-registration-modal-popup-pro/free/vendor/max-kk/wp-notice-lib/class-admin-dismissible-notice.php
// if ( $_GET['hash'] !== md5($_GET['key'] . NONCE_SALT . $_GET['save_to']) ) {Line: 52
md5($_GET[
#Backdoor
Located here:
/home/u188246671/domains/hobbyhorseslovakia.com/public_html/wp-content/plugins/ajax-login-and-registration-modal-popup-pro/free/vendor/max-kk/wp-notice-lib/class-admin-dismissible-notice.phpCan you please kindly comment on this finings?
-
Hey,
As you can see:
- This code has been commented for many years
- There is nothing related to the?Backdoor, it’s only checking that the Admin notice hash is correct while?dismissing the admin notice:
// // Verify that data was not changed// if ( $_GET['hash'] !== md5($_GET['key'] . NONCE_SALT . $_GET['save_to']) ) {// wp_send_json_error();// }You can always upload it to the Virus Total, if you have any doubts.
- The topic ‘backdoor identified in your plugin’ is closed to new replies.
