False positve file changes for updated plugins

  • Resolved bobsled

    (@bobsled)


    3 years, 6 months ago

    There seems to be a problem with Wordfence recognizing valid file changes for some popular plugin updates.

    In particular, the most recent update to Advanced Editor Tools (previously TinyMCE Advanced) is still showing seven errors after a week or so since the last update.

    Modified plugin file: wp-content/plugins/tinymce-advanced/mce/wptadv/plugin.js

    Modified plugin file: wp-content/plugins/tinymce-advanced/mce/wptadv/plugin.min.js

    Modified plugin file: wp-content/plugins/tinymce-advanced/plugin-assets/tadv.css

    Modified plugin file: wp-content/plugins/tinymce-advanced/plugin-assets/tadv.js

    Modified plugin file: wp-content/plugins/tinymce-advanced/tadv_admin.php

    Modified plugin file: wp-content/plugins/tinymce-advanced/tinymce-advanced.php

    Modified plugin file: wp-content/plugins/tinymce-advanced/uninstall.php

    And now I am now getting an error for Yoast SEO also.

    Modified plugin file: wp-content/plugins/wordpress-seo/wp-seo-main.php

    Is this a problem with Wordfence or is there another explanation?

Viewing 4 replies - 1 through 4 (of 4 total)
  • Plugin Support WFAdam

    (@wfadam)

    3 years, 6 months ago

    Hello @bobsled and thanks for reaching out to us!

    I have seen this with TinyMCE recently. I believe we confirmed with them that they had made a security update recently and that was what was causing the issue in the scans.

    You can check with TinyMCE support to be sure but I believe these to just be false positives.

    As for Yoast, that is one of the main PHP files that Yoast operates on, I also believe this to be a false positive, but if you want to make sure, its best to check with their support.

    Let me know what you find!

    Thanks!

    Thread Starter bobsled

    (@bobsled)

    3 years, 6 months ago

    Thanks @wfadam

    I believe they are false positives too, but nevertheless, they are annoying.

    Support for TinyMCE thinks it’s a WF problem. So it’s a game of ping pong.

    But I noticed that when I check the “View Differences” for TinyMCE, there is actually no error. All of them show “no differences between the original file and the file in the repository.”

    Filename: wp-content/plugins/tinymce-advanced/mce/wptadv/plugin.js
    File type: Plugin File
    Plugin Name: Advanced Editor Tools (previously TinyMCE Advanced)
    Plugin Version: 5.5.1

    There are no differences between the original file and the file in the repository.

    So I guess I agree with TinyMCE support. It looks to me like an issue with WF.

    As for Yoast, yes there is a difference on line 38. So the error report is correct.

    38 define( ‘YOAST_SEO_WP_TESTED’, ‘5.5.1’ ); 38 define( ‘YOAST_SEO_WP_TESTED’, ‘5.5’ );

    Hopefully, Yoast will update this file in the repository soon.

    • This reply was modified 3 years, 6 months ago by bobsled.
    Plugin Support WFAdam

    (@wfadam)

    3 years, 6 months ago

    If TinyMCE says nothing has changed and a handful of people are reporting the same issue, its safe to say its a false positive then.

    Looks like the Yoast difference might be WP version related. Have you updated to 5.5.1 recently?

    Looks harmless, however. You should be all set.

    Thanks again for your support!

    Thread Starter bobsled

    (@bobsled)

    3 years, 6 months ago

    Yes, Yoast updated a day or two ago, so it’s not unusual. I imagine it will go away soon or with the next regular update.

    I think I’ll just set ignore for all these errors, and let time take its course.

    Thanks for your feedback. Much appreciated.

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘False positve file changes for updated plugins’ is closed to new replies.