Potential False Positive – Natwesttyl Payment Plugin

  • Resolved smwordpress

    (@smwordpress)


    1 year, 2 months ago

    Hi,

    Wordfence has generated three warnings for files that are part of the NatWest TYL WooCommerce payment plugin. When looking at the files directly via SFTP, they do not appear to have any of the code that Wordfence highlights. The files themselves also have not been modified past the date of the last plugin update. Is this a false positive, or am I missing something, full error text from the Wordfence scan below:

    Filename: /public_html/wp-content/plugins/woocommerce_natwesttylcw/lib/Customweb/NatWestTyl/Authorization/PaymentPage/ParameterBuilder.php File Type: Not a core, theme, or plugin file from www.remarpro.com. Details: This file appears to be installed or modified by a hacker to perform malicious activity. If you know about this file you can choose to ignore it to exclude it from future scans. The matched text in this file is: <?php\x0a\x0a/**\x0a * You are allowed to use this API in your web application.\x0a *\x0a * Copyright (C) 2018 by customweb GmbH\x0a *\x0a * This program is licenced under the customweb software licence. With the\x0a * purc…

    The issue type is: Suspicious:PHP/antibotInclude.E.8672
    Description: Inclusion of an antibot file, often used in phishing kits

    Where Wordfence is showing \x0a there is nothing in the file when viewed in a seperate text editor after downloading the file directly.

    Any assitance is appreciated.

Viewing 1 replies (of 1 total)
  • Plugin Support wfmark

    (@wfmark)

    Hi @smwordpress , thanks for reaching out.

    \x0A is a non-printable/hidden character.

    I suspect this could be a false positive because the NatWest plugin is sold separately and is not listed on www.remarpro.com. Sometimes, plugins create files containing code that appears similar to malicious files but is not actually malicious.

    To confirm, could you please provide the scan result information along with a copy of the file being flagged to [email protected] for our threat intelligence team to check out? Make sure any passwords, keys, or salts are censored prior to sending any files that might contain them.

    You can choose to ignore this scan result so that it does not appear in subsequent scans under the “Results Found” tab. It will appear under the “Ignored Results  tab instead.

    Thanks,

    Mark.

Viewing 1 replies (of 1 total)
  • The topic ‘Potential False Positive – Natwesttyl Payment Plugin’ is closed to new replies.