WordPress.org

Ready to get started?Download WordPress

Forums

iThemes Security (formerly Better WP Security)
[resolved] [Plugin: Better WP Security] function eval (7 posts)

  1. Brunozit
    Member
    Posted 2 years ago #

    Hello,

    wordpress version : 3.4.2
    The eval function included in the plugin causes many problems. I disable the plugin to each every time this happens through the wp-blog-header.php

    Very good plugin rule many problems and makes it easier for the uninitiated

    Thank tou for all

    http://wordpress.org/extend/plugins/better-wp-security/

  2. Hi Bruno, what problems was this causing for you?

  3. Brunozit
    Member
    Posted 2 years ago #

    Hello,

    I have got intrusion caused by using the fontion eval.
    détected by threat-scan-plugin that Better WP Security because it has the eval function. Is that true?

    intrusion was caused by the wp-blog-header.php containing malicious code.

    Thank you for your help

    Bruno

  4. Brunozit
    Member
    Posted 2 years ago #

    Hello,

    Scanning Themes and Plugins for eval détected by threat-scan-plugin
    Files:
    /wp-content/plugins/better-wp-security/inc/secure.php
    49: strpos( $_SERVER['REQUEST_URI'], "eval(" ) ||
    plugin caused many problèmes intrusion and injection malicious code.

    Thank you for your help

    Bruno

  5. Ahhh... eval can be used as an attack vector. In this case it is found in the code that is added to .htaccess to detect malicious scripts (it isn't being executed but is in fact being used in the same fashion as your threat scanner.)

  6. Brunozit
    Member
    Posted 2 years ago #

    Hello,

    I just wanted to draw your attention to the subject.
    Thank you for your explanation of eval.

    Bruno

  7. Thanks

Topic Closed

This topic has been closed to new replies.

About this Plugin

About this Topic

Tags