Wordfence Security
[resolved] [4.0.2] Eval detection is bugged (5 posts)

  1. neamtua
    Member
    Posted 1 year ago #

    After updating to the latest version, I got a couple of notifications that eval() is present in some files.
    What your script detected was "doubleval" and "$this->nodeValue". No other eval is present as I have checked.

    https://wordpress.org/plugins/wordfence/

  2. dlmweb
    Member
    Posted 1 year ago #

    Agreed. WordFence 4.0.2 has just flagged dozens of my sites with files possibly containing malicious code. I'm double checking with plugin authors, but I think these are all false positives.

    Gravity Forms -
    wp-content/plugins/gravityforms/form_display.php

    ManageWP Worker plugin -
    wp-content/plugins/worker/init.php

    NextGen -
    wp-content/plugins/nextgen-gallery-pro/modules/autoupdate/module.autoupdate.php

  3. tfagen
    Member
    Posted 1 year ago #

    Good call. Thanks. So I guess it's safe to ignore for now.

  4. Nikola Nikolov
    Member
    Posted 1 year ago #

    I can confirm that as well - usually some mismatched "eval" (where "eval" is part of a word) combined with either base64_decode() or urldecode().
    And I know that base64_decode() is frowned upon, but one of the times it contained a base64_encoded image and the other time it was just a freemium theme trying to put stuff in the footer :doh:.

  5. Wordfence
    Member
    Plugin Author

    Posted 1 year ago #

    Confirmed this is an issue but may already be fixed. Let's merge this conversation into this thread:

    http://wordpress.org/support/topic/latest-version-causing-major-issues-with-major-plugins?replies=7#post-5191465

    ...which I'm about to update.

    Marking this one resolved.

    Regards,

    Mark
    PS: If you found this helpful, please rate Wordfence 5 stars.
    http://wordpress.org/plugins/wordfence/

Topic Closed

This topic has been closed to new replies.
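
The false positives reported in this thread ("doubleval", "$this->nodeValue") are what a bare substring match on "eval" produces. The sketch below is an added example, not Wordfence's scanner code: the two patterns, the helper names and the sample files are constructed for illustration, and the naive rule's shape is an assumption.

```python
import re

# Assumed shape of the over-broad rule: any "eval" substring, any case.
NAIVE = re.compile(r"eval", re.IGNORECASE)

# Stricter rule: "eval" used as a call, and not the tail of an identifier,
# a variable name ($eval), or a method/static call (->eval, ::eval).
# PHP keywords are case-insensitive, so EVAL ( ... ) must still match.
STRICT = re.compile(r"(?<![\w$])(?<!->)(?<!::)eval\s*\(", re.IGNORECASE)

# Constructed sample files modelled on the reports in the thread.
SAMPLES = {
    "doubleval.php": "<?php\n$price = doubleval($input);\n",
    "nodevalue.php": "<?php\n$text = urldecode($this->nodeValue);\n",
    "image.php": "<?php\n$img = base64_decode($data);\n$n = $retrieval->count();\n",
    "method.php": "<?php\n$r = $sandbox->eval($expr);\n",
    "loader.php": "<?php\n// constructed stand-in for an obfuscated loader\n"
                  "eval(base64_decode($blob));\n",
    "spaced.php": "<?php\n@EVAL (urldecode($p));\n",
}


def findings(source, pattern):
    """Return (line_number, matched_text) for every match in source."""
    return [(source.count("\n", 0, m.start()) + 1, m.group(0))
            for m in pattern.finditer(source)]


def flagged(samples, pattern):
    """Return the sorted names of sample files the pattern flags."""
    return sorted(name for name, src in samples.items()
                  if findings(src, pattern))


if __name__ == "__main__":
    print("naive :", flagged(SAMPLES, NAIVE))
    print("strict:", flagged(SAMPLES, STRICT))
    for name in flagged(SAMPLES, STRICT):
        print(name, findings(SAMPLES[name], STRICT))
```

A regex still cannot tell code from comments or string literals; a scanner that needs that distinction has to tokenize the PHP source first.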
