Shortcode Exec PHP
Malware on this plugin (8 posts)

1 star
  1. Jessiemar
    Member
    Posted 1 year ago #

    My hosting provider sends a malware report pointing to this plugin.
    All the WP sites under my hosting have reports about this malware on the plugin.

    File:
    wp-content/plugins/shortcode-exec-php/editarea/edit_area/reg_syntax/php.js

    Anyone experienced this?

  2. Marcel Bokhorst
    Member
    Plugin Author

    Posted 1 year ago #

    Are you sure this is an infected file and not a false positive?
    Simple way to check: save the file, delete the plugin using the WP plugin manager, install the plugin again and compare the files.

  3. saliraza
    Member
    Posted 1 year ago #

    Kindly download the plugin files and check for viruses. I am on Windows 8 using its own Virus catcher and it didn't catch any virus. It's safe to use. I highly recommend this plugin.

  4. johnh44
    Member
    Posted 1 year ago #

    This is a false positive. Your host should know better.

  5. gecko_guy
    Member
    Posted 11 months ago #

    Why give it a 1 star rating if you don't actually know there is a real problem?

    PHP eval function. Sometimes it is possible that malicious code will contain the eval function, which is executable, especially on the same line as a base 64 encoding.

    Although this has been used as a method for malicious code to be executed in some situations, it is very unlikely to be the case on a well documented, popular, regularly updated and highly rated plugin like this one.

    If a vulnerability is found, then you should contact the plugin author via the support options and ask the question, rather than just giving it a 1 star rating without knowing anything about it.

    If there is a genuine problem, then I am sure the author would do absolutely everything in his/her power to address that in the interest of the community, and their own reputation.

  6. Kurt Flint
    Member
    Posted 9 months ago #

    It is a false positive. Your provider is just scanning all scripts for eval statements which should never be used on production web servers.

    No disrespect to the author, but I advise that you do not install this plugin. You are asking for trouble. Eval + WP API access == your user data gone in a heartbeat. If you don't know about the eval thing right up front, no offense intended to you, but you are playing with fire.
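
Added example, not part of the thread and not the plugin's or the host's code: a Python sketch of the file comparison suggested in post 2, combined with a naive eval signature of the kind post 6 describes, so that scanner hits can be separated into files identical to a fresh download and files that differ. The signature, the `hypothetical-main.php` file name and all file contents are constructed assumptions.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# Constructed stand-in for a host-side rule that flags any eval( call.
EVAL_SIGNATURE = re.compile(rb"\beval\s*\(")

def tree_hashes(root):
    """Map each file's relative path to its SHA-256 digest."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in root.rglob("*") if p.is_file()}

def signature_hits(root):
    """Files under root that match the naive eval signature."""
    root = Path(root)
    return sorted(p.relative_to(root).as_posix() for p in root.rglob("*")
                  if p.is_file() and EVAL_SIGNATURE.search(p.read_bytes()))

def triage(installed, pristine):
    """Compare the installed plugin with a fresh download of the same version."""
    inst, ref = tree_hashes(installed), tree_hashes(pristine)
    changed = {f for f in inst if ref.get(f) != inst[f]}  # modified or added
    hits = signature_hits(installed)
    return {
        "flagged_but_identical": [f for f in hits if f not in changed],
        "changed_or_added": sorted(changed),
        "missing": sorted(f for f in ref if f not in inst),
    }

def demo():
    """Build two constructed trees and triage them (sample data, not the real plugin)."""
    rel = "editarea/edit_area/reg_syntax/php.js"
    with tempfile.TemporaryDirectory() as tmp:
        for name in ("installed", "pristine"):
            path = Path(tmp, name, rel)
            path.parent.mkdir(parents=True)
            path.write_bytes(b"// constructed sample\nvar keywords = 'eval(';\n")
            Path(tmp, name, "hypothetical-main.php").write_bytes(b"<?php // v1\n")
        # Simulate a local change to one installed file.
        Path(tmp, "installed", "hypothetical-main.php").write_bytes(b"<?php // edited\n")
        return triage(Path(tmp, "installed"), Path(tmp, "pristine"))

if __name__ == "__main__":
    print(demo())
```

A file listed under `flagged_but_identical` is byte-for-byte what the fresh download ships, so the scanner hit is not evidence of a local infection; anything under `changed_or_added` is what deserves a manual look.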

  7. Sam
    Member
    Posted 6 months ago #

    Does anyone know if the EVAL issue has been addressed (re-coded without it)? It seems like a good plugin, but I can't evaluate the EVAL situation and would rather not install given Kurt's warning about possible consequences.

  8. WPyogi
    Volunteer Moderator
    Posted 6 months ago #

    @sammazza - please post a new thread in the support forum for this plugin here:

    http://wordpress.org/support/plugin/shortcode-exec-php

    See the sticky post at the top too.

    This review isn't a good place for support questions.

Topic Closed

This topic has been closed to new replies.
