Any idea why wp-polls is seen as potential malware by scanners? (7 posts)

  1. jberg1
    Posted 3 years ago #

    I'm using the WP-Polls plugin. When I scan our site for security threats, using http://sitecheck.sucuri.net/scanner/

    It comes back with:
    <script type='text/javascript' src='/wp-content/plugins/wp-polls/polls-js.js?ver=2.50'></script>

    as possible Malware, any idea why? Or how to fix it (without removing the plugin)?

    Thanks for your help.


  2. Lester Chan
    Plugin Author

    Posted 3 years ago #

    Your site might have been comprised before?

    My Site using WP-Polls is fine, I ran 2 of my sites with the scanner, http://sitecheck.sucuri.net/results/http://lesterchan.net & http://sitecheck.sucuri.net/results/http://lesterchan.net/wordpress

  3. Have you tried upgrading to the latest WP-Polls? The scanner result you quoted indicates that you're running v 2.5, and according to the plugin changelog, that version is a couple of years old and (more importantly) several security issues have been fixed in more recent versions.

  4. jberg1
    Posted 3 years ago #

    Thanks for the reply Lester.

    One thing I noticed on your site. I don't see
    <script type='text/javascript' src='http://www.lesterchan.net/wp-content/plugins/wp-polls/polls-js.js?ver=2.50'></script>
    in the footer in your code.

    My site gets this at the bottom of each page (but using my domain name). It looks like that is called in wp-polls.php (Function: Enqueue Polls JavaScripts/CSS).

    I'm calling the poll as a shortcode in a post and not a sidebar. Does that make a difference? And using
    <?php wp_footer(); ?>
    in my footer.php file.

    using WP-Polls version 2.62
    I've uninstalled and reinstalled to make sure it hadn't been hacked before.

  5. jberg1
    Posted 3 years ago #

    Thanks Amy, I will check that. I am using the latest version, but maybe there is something hanging on from the old version I just upgraded?

    But I do see this in the wp-polls.php file of the plugin.
    wp_enqueue_script('wp-polls', plugins_url('wp-polls/polls-js.js'), array('jquery'), '2.50', true);

    But I'm not a PHP pro, so I don't know exactly what that means.
    Maybe something in my DB that is confusing the version of WP-Polls?

  6. Lester Chan
    Plugin Author

    Posted 3 years ago #

    the latest version of WP-Poll is 2.62 =)

  7. jberg1
    Posted 3 years ago #

    And that latest version is supposed to place

    <script type='text/javascript' src='http://www.thedomainname.com/wp-content/plugins/wp-polls/polls-js.js?ver=2.50'></script>

    in the footer?

    Thanks for your help.

Topic Closed

This topic has been closed to new replies.

About this Plugin

About this Topic