Malware alert after 3.6.0 updatee

  • Resolved Peter Hardy-vanDoorn

    (@petervandoorn)


    6 years, 9 months ago

    After your 3.6.0 update, WordFence is throwing this alert:

    This file may contain malicious executable code: wp-content/plugins/backwpup/vendor/phpseclib/phpseclib/phpseclib/Crypt/Base.php … contains the word “eval” (without quotes) and the word “unpack(” (without quotes).

    I’ve checked and the file isn’t in the previous version.

    Please confirm that this is a false-positive, or take action otherwise.

    I have deleted the plugin until this is resolved, and recommend everyone else to do the same.

    Thanks

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Support happyAnt

    (@duongcuong96)

    Hi @petervandoorn
    Phpseclib is used for encryption backup feature and we can make sure that this is a false result because we use this library directly from https://phpseclib.sourceforge.net/.
    Anyway, we are going to inform WordFence and others security plugin about it.
    Thank you anyway for reporting it ??
    Going to close the issue now, if you have any question, please let me know!

    Thread Starter Peter Hardy-vanDoorn

    (@petervandoorn)

    Good news.

    It did also seem slightly dodgy given that the path to it included “phpseclib/phpseclib/phpseclib” – repeated like that looks a little odd :-/

    Thanks for confirming that it’s a false-positive.

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Malware alert after 3.6.0 updatee’ is closed to new replies.