Support » Plugin: Wordfence Security » [4.0.2] Eval detection is bugged

  • Resolved neamtua

    (@neamtua)


    After updating to the latest version, I got a couple of notifications that eval() is present in some files.
    What your script detected was “doubleval” and “$this->nodeValue”. No other eval is present as I have checked.

    https://wordpress.org/plugins/wordfence/

Viewing 4 replies - 1 through 4 (of 4 total)
  • dlmweb

    (@dlmweb)

    Agreed. WordFence 4.0.2 has just flagged dozens of my sites with files possibly containing malicious code. I’m double checking with plugin authors, but I think these are all false positives.

    Gravity Forms –
    wp-content/plugins/gravityforms/form_display.php

    ManageWP Worker plugin –
    wp-content/plugins/worker/init.php

    NextGen –
    wp-content/plugins/nextgen-gallery-pro/modules/autoupdate/module.autoupdate.php

    tfagen

    (@tfagen)

    Good call. Thanks. So I guess it’s safe to ignore for now.

    Nikola Nikolov

    (@nikolovtmw)

    I can confirm that as well – usually some mismatched “eval” (where “eval” is part of a word) combined with either base64_decode() or urldecode().
    And I know that base64_decode() is frowned upon, but one of the times it contained a base64_encoded image and the other time it was just a freemium theme trying to put stuff in the footer :doh:.
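
The false-positive pattern reported in the posts above, as an added example that is not part of the original thread and is not Wordfence's code. Both regular expressions are assumptions made for illustration, and the PHP snippets are constructed samples:

```python
import re

# Assumed heuristic (NOT Wordfence's actual rule): the letters "eval" anywhere
# in the file, case-insensitively, together with a decoder call.
NAIVE_EVAL = re.compile(r"eval", re.IGNORECASE)
DECODER = re.compile(r"\b(?:base64_decode|urldecode)\s*\(", re.IGNORECASE)

# Stricter assumed rule: eval only as a standalone call. The lookbehind rejects
# identifier characters (doubleval), "$" (variables) and ">" / ":" (member
# access). PHP function names are case-insensitive, so IGNORECASE stays on.
# Limitation: a regex does not skip PHP strings or comments.
EVAL_CALL = re.compile(r"(?<![\w$>:])eval\s*\(", re.IGNORECASE)


def naive_flag(src: str) -> bool:
    """Substring match: flags any file containing 'eval' plus a decoder."""
    return bool(NAIVE_EVAL.search(src) and DECODER.search(src))


def strict_flag(src: str) -> bool:
    """Call-site match: flags only a real eval( call plus a decoder."""
    return bool(EVAL_CALL.search(src) and DECODER.search(src))


# Constructed sample files (not taken from the plugins named in the thread).
SAMPLES = {
    "doubleval": "<?php $qty = doubleval($_POST['qty']); $logo = base64_decode($logo_b64);",
    "nodeValue": "<?php $title = urldecode($this->nodeValue);",
    "eval_call": "<?php eval(base64_decode($payload));",
    "eval_case": "<?php @EVAL (urldecode($x));",
}


def compare() -> dict:
    """Return {sample name: (naive verdict, strict verdict)}."""
    return {name: (naive_flag(src), strict_flag(src)) for name, src in SAMPLES.items()}


if __name__ == "__main__":
    for name, (naive, strict) in compare().items():
        print(f"{name:10} naive={naive!s:5} strict={strict}")
```

Note that `nodeValue` only trips the substring rule because the match is case-insensitive, which the rule needs in order to catch `EVAL(`.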

    Plugin Author Wordfence

    (@mmaunder)

    Confirmed this is an issue but may already be fixed. Let’s merge this conversation into this thread:

    http://wordpress.org/support/topic/latest-version-causing-major-issues-with-major-plugins?replies=7#post-5191465

    …which I’m about to update.

    Marking this one resolved.

    Regards,

    Mark
    PS: If you found this helpful, please rate Wordfence 5 stars.
    http://wordpress.org/plugins/wordfence/

  • The topic ‘[4.0.2] Eval detection is bugged’ is closed to new replies.