VaultPress Security Issue Detected

  • Cleanforest.co

    (@noamcleanforestsolutionscom)


    7 years, 2 months ago

    VaultPress is flagging /plugins/post-smtp/Postman/Postman-Mail/mailgun/vendor/clue/stream-filter/tests/FunTest.php as a possible security threat:

    “PHP.Generic.BadPattern.5 This code pattern is often used to run a very dangerous shell programs on your server. The code in these files needs to be reviewed, and possibly cleaned.”

    Lines 12 and 23 are problematic.

    11 $this->assertEquals(‘grfg’, $rot(‘test’));
    12 $this->assertEquals(‘test’, $rot($rot(‘test’)));
    13 $this->assertEquals(null, $rot());

    22 $this->assertEquals(‘t=C3=A4st’, $encode(‘t?st’));
    23 $this->assertEquals(‘t?st’, $decode($encode(‘t?st’)));
    24 $this->assertEquals(null, $encode());

    Please advise?

Viewing 3 replies - 1 through 3 (of 3 total)

  • It’s code shipped with mailgun sdk.
    You can delete it, and will delete it too in the next version.

    Hi Yehudah, can you tell me what I do to delete it as this is coming up with my site as reported by Vaultpress security.

    I want to use this plugin but I don’t know what to delete/remove from the plugin to fix it until you do your next version release?

    Please help.

    Hi

    Delete this folder
    plugins/post-smtp/Postman/Postman-Mail/mailgun/vendor/clue/stream-filter/tests

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘VaultPress Security Issue Detected’ is closed to new replies.