SUCURI warning

  • Resolved Nathan

    (@natedanielz)


    12 months ago

    Hi,

    SUCURI is warning me about a backdoor in this file:
    wp-content/plugins/woorewards/include/pointsflow/action.php

    Definition: php.backdoor.file_get_contents.005

    Looking at the file there is a line which says:
    $json = @json_decode(@file_get_contents($_FILES[$key][‘tmp_name’]), true);

    Not sure if this is the culprit. Can I place the whole file code in here so you can see if the file is correct?

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Author Long Watch Studio

    (@lwsdevelopers)

    Hi,

    This is a false positive.
    We have to read a file when you want to import points. Be sure that we carry out all the necessary checks and that no malicious code can be executed through this.

    Best regards

    Thread Starter Nathan

    (@natedanielz)

    Okay, that’s good to hear.

    Thanks!

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘SUCURI warning’ is closed to new replies.