Wordfence Security
Just upgraded, getting possible false positive critical error on gravity forms (4 posts)

  1. smussenden
    Member
    Posted 1 year ago #

    Hi all: I just upgraded to Wordfence 5.1.5 and I'm getting a Critical Error warning on Gravity Forms, a fairly common and widely used plugin. I just upgraded to version 1.8.9 of Gravity Forms. When I scanned today, I got this error.

    Filename: wp-content/plugins/gravityforms/common.php
    File type: Not a core, theme or plugin file.
    Issue first detected: 18 mins ago.
    Severity: Critical
    Status: New
    This file is a PHP executable file and contains the word 'eval' (without quotes) and the word 'base64_decode(' (without quotes). The eval() function along with an encoding function like the one mentioned are commonly used by hackers to hide their code. If you know about this file you can choose to ignore it to exclude it from future scans.

    Here are the two lines of code I think Wordfence is flagging from common.php:

    // Evaluates $formula as PHP only after preg_match restricts it to digits, spaces and arithmetic characters
    $result = preg_match( '/^[0-9 -\/*\(\)]+$/', $formula ) ? eval( "return {$formula};" ) : false;

    and

    // Decrypts base64-encoded ciphertext with mcrypt (Rijndael-256, ECB mode) and trims the result
    return trim( mcrypt_decrypt( MCRYPT_RIJNDAEL_256, $key, base64_decode( $text ), MCRYPT_MODE_ECB, mcrypt_create_iv( $iv_size, MCRYPT_RAND ) ) );

    I compared these two lines of code with a fresh download of the Gravity Forms plugin from their site and it doesn't appear to have been modified maliciously. Unfortunately, I can't link to the whole common.php file because it's behind a paywall.

    Anyone know if this is something I should be worried about? I don't know enough about the warning to know if it's something I should concern myself with.

    I did find this forum thread from a few months back indicating a new update of Wordfence was sparking false positives on eval with several popular functions, and I'm wondering if something similar is happening here.

    Sean

    https://wordpress.org/plugins/wordfence/
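    A small added Python example (not Wordfence's or Gravity Forms' code) that reproduces the check Sean did by hand: it re-implements the "eval + base64_decode(" heuristic from the scan message, then compares the installed file's SHA-256 against a fresh vendor download to decide whether the finding is a false positive or a file that actually differs. The PHP content below is a constructed stand-in modelled on the two quoted lines, not the real common.php.

```python
import hashlib
import re

# Approximation of the Wordfence rule quoted in the scan result: a PHP file
# that contains both the word "eval" and the literal "base64_decode(".
EVAL_RE = re.compile(r"\beval\b")
B64_LITERAL = "base64_decode("


def heuristic_fires(php_source: str) -> bool:
    """True when the file would trip the eval + base64_decode rule."""
    return bool(EVAL_RE.search(php_source)) and B64_LITERAL in php_source


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def triage(installed: bytes, pristine: bytes) -> str:
    """Classify a flagged file by comparing it with a fresh vendor download.

    "not flagged"    - the heuristic does not fire at all
    "false positive" - flagged, but byte-identical to the pristine copy
    "needs review"   - flagged and differs from the pristine copy
    """
    if not heuristic_fires(installed.decode("utf-8", errors="replace")):
        return "not flagged"
    if sha256_hex(installed) == sha256_hex(pristine):
        return "false positive"
    return "needs review"


def changed_lines(installed: bytes, pristine: bytes) -> list:
    """Lines in the installed file that do not occur in the pristine copy."""
    known = set(pristine.decode("utf-8", errors="replace").splitlines())
    lines = installed.decode("utf-8", errors="replace").splitlines()
    return [line for line in lines if line not in known]


# Constructed stand-in for the two Gravity Forms lines quoted in the post.
PRISTINE = b"""<?php
$result = preg_match( '/^[0-9 -\\/*\\(\\)]+$/', $formula ) ? eval( "return {$formula};" ) : false;
return trim( mcrypt_decrypt( MCRYPT_RIJNDAEL_256, $key, base64_decode( $text ), MCRYPT_MODE_ECB, mcrypt_create_iv( $iv_size, MCRYPT_RAND ) ) );
"""
# Constructed: the same file with one extra line, standing in for any local edit.
MODIFIED = PRISTINE + b"// locally edited line\n"

if __name__ == "__main__":
    print(triage(PRISTINE, PRISTINE))  # false positive
    print(triage(MODIFIED, PRISTINE))  # needs review
    print(changed_lines(MODIFIED, PRISTINE))
```

    In practice, pass the bytes of the installed wp-content/plugins/gravityforms/common.php and of the same file from a freshly downloaded copy of the same plugin version; only a byte-identical match justifies whitelisting the finding.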

  2. cnymike
    Member
    Posted 4 months ago #

    WordFence 5.3.12
    WordPress 4.2
    GravityForms 1.9.6

    I'm getting the same warning in WordFence regarding gravityforms/common.php.

    Did you find anything out about this?

  3. cnymike
    Member
    Posted 4 months ago #

    I've heard back from GravityForms support and was told: "The file common.php is part of Gravity Forms and is not a security threat so you can safely white-list it in WordFence."

    So I hope that's true.

  4. WFSupport
    Member
    Plugin Author
    Posted 4 months ago #

    If the developer says it is ok, then you should be good to go.

    tim
