False positive for malicious code: Press Permit Core

WordFence is reporting Press Permit Core as a critical security concern because press-permit-core/admin/plugin_pp.php “contains the word ‘eval’ (without quotes) and the word ‘base64_decode’ (without quotes).”

This is incorrect. The only occurrence of that string is the word retrieval in a code comment.

The base64_decode() call is used to efficiently transfer extension availability data from the presspermit.com server. This is only done when the plugin setting to connect to presspermit.com is enabled.

[After posting this, I discovered that other plugins were also dinged and the WordFence servers have already been updated to resolve the issue. I think it’s fair to leave this FYI for my users, though.]