Support » Plugin: Wordfence Security » False positive for malicious code: Press Permit Core

  • Resolved Kevin Behrens

    (@kevinb)


    WordFence is reporting Press Permit Core as a critical security concern because press-permit-core/admin/plugin_pp.php “contains the word ‘eval’ (without quotes) and the word ‘base64_decode’ (without quotes).”

    This is incorrect. The only occurrence of that string is the word retrieval in a code comment.

    The base64_decode() call is used to efficiently transfer extension availability data from the presspermit.com server. This is only done when the plugin setting to connect to presspermit.com is enabled.

    [After posting this, I discovered that other plugins were also dinged and the WordFence servers have already been updated to resolve the issue. I think it’s fair to leave this FYI for my users, though.]

  • The topic ‘False positive for malicious code: Press Permit Core’ is closed to new replies.