WordPress.org

Ready to get started?Download WordPress

Forums

Wordfence Security
[resolved] False positive for malicious code: Press Permit Core (1 post)

  1. kevinB
    Member
    Posted 5 months ago #

    WordFence is reporting Press Permit Core as a critical security concern because press-permit-core/admin/plugin_pp.php "contains the word ‘eval’ (without quotes) and the word ‘base64_decode’ (without quotes)."

    This is incorrect. The only occurrence of that string is the word retrieval in a code comment.

    The base64_decode() call is used to efficiently transfer extension availability data from the presspermit.com server. This is only done when the plugin setting to connect to presspermit.com is enabled.

    [After posting this, I discovered that other plugins were also dinged and the WordFence servers have already been updated to resolve the issue. I think it's fair to leave this FYI for my users, though.]

Reply

You must log in to post.

About this Plugin

About this Topic