• Resolved Ewout

    (@pomegranate)


    I received a report from someone that one of my plugins contained malicious code, detected by Wordfence.

    This file is a PHP executable file and contains the word ‘eval’ (without quotes) and the word ‘urldecode’ (without quotes). The eval() function along with an encoding function like the one mentioned are commonly used by hackers to hide their code. If you know about this file you can choose to ignore it to exclude it from future scans.

    Now I looked into the code (it’s part of a library, not my code), and there’s no eval function in it. There is an $eval string in there, but that’s completely harmless of course. Is there a possibility to detect whether it’s actually a function and not a variable?

    https://wordpress.org/plugins/wordfence/
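A tokenizer-based check that answers the question above (is `eval` a call or just a variable name?), as an added example that is not Wordfence's code and not from the thread; it assumes PHP 7.1 or newer and scans a constructed sample file:

```php
<?php
// Added example (not from the thread or Wordfence): tell a real eval() call apart
// from a harmless variable named $eval by tokenizing the file instead of grepping it.
// Assumes PHP >= 7.1 (token_get_all, array destructuring). Sample source is constructed.

function findEvalCalls(string $source): array
{
    $hits = [];
    foreach (token_get_all($source) as $tok) {
        // Single-character tokens such as '(' or ';' arrive as plain strings.
        if (!is_array($tok)) {
            continue;
        }
        [$id, $text, $line] = $tok;
        // T_EVAL is emitted only for the language construct eval(...);
        // a variable called $eval is tokenized as T_VARIABLE instead,
        // so a plain substring match on "eval" cannot make this distinction.
        if ($id === T_EVAL) {
            $hits[] = ['line' => $line, 'text' => $text];
        }
    }
    return $hits;
}

// Constructed sample: line 2 is a harmless variable, line 4 a real eval() call.
$sample = "<?php\n"
        . "\$eval = urldecode(\$_GET['x']); // variable named eval, harmless\n"
        . "echo \$eval;\n"
        . "eval(urldecode(\$code));         // real call: this is what a scanner should flag\n";

foreach (findEvalCalls($sample) as $hit) {
    echo "eval() call on line {$hit['line']}" . PHP_EOL;
}
```

Because the check works on tokens, it also catches spellings a substring rule would miss or misjudge, such as `eval (` with extra whitespace or `@eval(`, while still ignoring `$eval`, `"eval"` inside a string literal, and `eval` inside a comment.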

Viewing 1 replies (of 1 total)
  • Plugin Author Wordfence Security

    (@mmaunder)

    Hi,

    Please ask your customer to upgrade to the newest version of Wordfence where we’ve improved detection so it won’t yield false positives. Version I think it was 4.0.2 was a little too sensitive but we’ve fixed that.

    Regards,

    Mark.

  • The topic ‘false 'eval' detection’ is closed to new replies.