WordPress.org

Ready to get started?Download WordPress

Forums

Exploit Scanner
Multiple false positives for core files (5 posts)

  1. vizou
    Member
    Posted 1 year ago #

    I just ran a scan and Exploit Scanner returned tons of legitimate core files with messages like this :

    wp-admin/themes.php
    Unknown file found in wp-includes/ or wp-admin/ directory.

    Could this be due to .htaccess protection? First time this has ocurred with this plugin.

    http://wordpress.org/extend/plugins/exploit-scanner/

  2. vizou
    Member
    Posted 1 year ago #

    Update. After adding 3.5 hashes file to plugin, still getting false positives on :

    wp-includes/class-wp-atom-server.php
    Unknown file found in wp-includes/ or wp-admin/ directory.
    wp-admin/options-privacy.php
    Unknown file found in wp-includes/ or wp-admin/ directory.

    as well as many others like this which says "see changes" then nothing shows up in lightboxed window. After comparing files, nothing bad here.

    wp-admin/post-new.php
    Modified core file

    Seems to me that this plugin is due for a major upgrade... any response from author? It was a fave... not working now.

  3. epawel
    Member
    Posted 1 year ago #

    The same issue here - many false positives e.g.
    wp-includes/js/tinymce/wp-tinymce.php
    Unknown file found in wp-includes/ or wp-admin/ directory.
    wp-includes/default-filters.php
    Unknown file found in wp-includes/ or wp-admin/ directory.
    wp-includes/feed-rss.php
    Unknown file found in wp-includes/ or wp-admin/ directory.
    wp-includes/feed-rss2.php
    Unknown file found in wp-includes/ or wp-admin/ directory.
    wp-includes/feed-atom-comments.php
    Unknown file found in wp-includes/ or wp-admin/ directory.
    wp-includes/feed-rss2-comments.php
    Unknown file found in wp-includes/ or wp-admin/ directory.

  4. mcramer
    Member
    Posted 1 year ago #

    I'm getting the same issue here. I just posted about it at wordpress.org/support/topic/work-with-wp-352. I pretty sure it happened as a result of upgrading WP to 3.5.2. Has anyone figured out a solution to this?

  5. mattyrob
    Member
    Posted 1 year ago #

    You need updates a hashes file, you can get it here or wait for an update to the plugin:
    http://wordpress.org/support/topic/352-hashes?replies=1

Topic Closed

This topic has been closed to new replies.

About this Plugin

About this Topic