VaultPress security alert

  • Resolved wdwnewstoday

    (@wdwnewstoday)


    7 years, 5 months ago

    After installing the plugin, VaultPress has alerted me to a security threat:

    PHP.Generic.BadPattern.5
    This code pattern is often used to run a very dangerous shell programs on your server. The code in these files needs to be reviewed, and possibly cleaned.

    Middleware.php
    /wp-content/plugins/ilab-media-tools/vendor/ilab/ilab-aws-media-cloud-sdk/src

    313 return $handler($f($command), $request);

    I’m figuring that if I click the Repair option it will break the plugin, so not sure what to do.

Viewing 1 replies (of 1 total)
  • Plugin Author interfacelab

    (@interfacelab)

    I think that’s a false positive considering that everything in the function is typed and will throw an error if the wrong types are passed to it.

    Also, that’s from Amazon’s SDK so the issue would have to be opened up on their github: https://github.com/aws/aws-sdk-php (I just renamespace their library to avoid collisions with other plugins).

    But I really think it’s a non-issue.

Viewing 1 replies (of 1 total)
  • The topic ‘VaultPress security alert’ is closed to new replies.