doubleval($_POST[ is not malicious | WordPress.org

Resolved dpowney
(@dpowney)

11 years, 8 months ago

Hi,

Just because I have “doubleval($_POST[” in my code doesn’t mean I’m a hacker.

This file appears to be installed by a hacker to perform malicious activity. If you know about this file you can choose to ignore it to exclude it from future scans. The text we found in this file that matches a known malicious file is: “eval($_POST[”

Are there any plans to fix this? Otherwise I’ll need to slightly modify my code to workaround this so I can assure people who use my plugin I’m not trying to do anything malicious.

Thanks,
Daniel

https://wordpress.org/plugins/wordfence/

Viewing 3 replies - 1 through 3 (of 3 total)

WFSupport
(@wfsupport)

11 years, 8 months ago

A member of the dev team will be responding to you soon.

Thanks!

tim

Plugin Author Mark Maunder
(@mmaunder)

11 years, 8 months ago

Hi Daniel,

Sorry about that – can you email me a ZIP of your plugin and I’ll whitelist it and also get that false positive taken care of. My email is mark at wordfence dot com.

Thanks!!

Thread Starter dpowney
(@dpowney)

10 years, 10 months ago

Hi Mark,

I’m sending you an e-mail about this – albeit 9 months later as I just had someone else ask me about this. https://wordpress.org/support/topic/wordfence-shows-problems-eval_post-possible-hacker

Thanks,
Daniel

Viewing 3 replies - 1 through 3 (of 3 total)

The topic ‘doubleval($_POST[ is not malicious’ is closed to new replies.

3 replies
3 participants
Last reply from: dpowney
Last activity: 10 years, 10 months ago
Status: resolved