Wordfence Security
[resolved] False positive for malicious code: Press Permit Core (1 post)

  1. Kevin Behrens
    Posted 1 year ago #

    WordFence is reporting Press Permit Core as a critical security concern because press-permit-core/admin/plugin_pp.php "contains the word ‘eval’ (without quotes) and the word ‘base64_decode’ (without quotes)."

    This is incorrect. The only occurrence of that string is the word retrieval in a code comment.

    The base64_decode() call is used to efficiently transfer extension availability data from the presspermit.com server. This is only done when the plugin setting to connect to presspermit.com is enabled.

    [After posting this, I discovered that other plugins were also dinged and the WordFence servers have already been updated to resolve the issue. I think it's fair to leave this FYI for my users, though.]

Topic Closed

This topic has been closed to new replies.

About this Plugin

  • Wordfence Security
  • Frequently Asked Questions
  • Support Threads
  • Reviews

About this Topic