Support » Plugin: Wordfence Security » Just upgraded, getting possible false positive critical error on gravity forms

  • Hi all: I just upgraded to Wordfence 5.1.5 and I’m getting a Critical Error warning on Gravity Forms, a fairly common and widely used plugin. I just upgraded to version 1.8.9 of Gravity Forms. When I scanned today, I got this error.

    Filename:	wp-content/plugins/gravityforms/common.php
    File type:	Not a core, theme or plugin file.
    Issue first detected:	18 mins ago.
    Severity:	Critical
    Status:	New
    This file is a PHP executable file and contains the word 'eval' (without quotes) and the word 'base64_decode(' (without quotes). The eval() function along with an encoding function like the one mentioned are commonly used by hackers to hide their code. If you know about this file you can choose to ignore it to exclude it from future scans.

    Here are the two lines of code I think Wordfence is flagging from common.php:

    $result = preg_match( '/^[0-9 -\/*\(\)]+$/', $formula ) ? eval( "return {$formula};" ) : false;

    return trim( mcrypt_decrypt( MCRYPT_RIJNDAEL_256, $key, base64_decode( $text ), MCRYPT_MODE_ECB, mcrypt_create_iv( $iv_size, MCRYPT_RAND ) ) );

    I compared these two lines of code with a fresh download of the Gravity Forms plugin from their site and it doesn’t appear to have been modified maliciously. Unfortunately, I can’t link to the whole common.php file because it’s behind a paywall.

    Anyone know if this is something I should be worried about? I don’t know enough about the warning to know if it’s something I should concern myself with.

    I did find this forum thread from a few months back indicating a new update of Wordfence was sparking false positives on eval with several popular functions, wondering if something similar is happening here.
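    Added example (not code from the thread, from Wordfence or from Gravity Forms): a small Python triage script that reproduces the keyword rule quoted in the scan result and then does what the poster did by hand, comparing the flagged file byte-for-byte with a fresh vendor copy. The file contents below are constructed stand-ins built from the two quoted lines, and the path labels are assumptions.

```python
import difflib
import hashlib

# Constructed stand-in for the installed common.php: a PHP header plus the
# two lines quoted in the post (both 'eval' and 'base64_decode(' occur).
INSTALLED = b"""<?php
$result = preg_match( '/^[0-9 -\\/*\\(\\)]+$/', $formula ) ? eval( "return {$formula};" ) : false;
return trim( mcrypt_decrypt( MCRYPT_RIJNDAEL_256, $key, base64_decode( $text ), MCRYPT_MODE_ECB, mcrypt_create_iv( $iv_size, MCRYPT_RAND ) ) );
"""
# Constructed "fresh download" copy: identical bytes, as the poster observed.
PRISTINE = INSTALLED
# Constructed modified copy: one extra line that the vendor copy does not have.
TAMPERED = INSTALLED + b"// constructed extra line not in the vendor copy\n"


def heuristic_flags(src: bytes) -> bool:
    """Reproduce the rule quoted in the scan output: a PHP file containing
    both the word 'eval' and the string 'base64_decode(' is reported as
    Critical. It is a substring match, so legitimate code trips it too."""
    return b"eval" in src and b"base64_decode(" in src


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def triage(installed: bytes, pristine: bytes) -> dict:
    """Classify a flagged file by comparing it with the vendor's copy.
    Returns the verdict, the installed file's hash (useful when whitelisting
    exactly this version), and any lines that differ from the vendor copy."""
    flagged = heuristic_flags(installed)
    same = sha256_hex(installed) == sha256_hex(pristine)
    diff = []
    if flagged and not same:
        # Keep only the added/removed content lines of a unified diff.
        raw = difflib.unified_diff(
            pristine.decode().splitlines(), installed.decode().splitlines(),
            "vendor/common.php", "installed/common.php", lineterm="")
        diff = [l for l in raw if l[:1] in "+-" and not l.startswith(("+++", "---"))]
    if not flagged:
        verdict = "not-flagged"
    elif same:
        verdict = "keyword-hit-matches-vendor"      # false positive; safe to whitelist
    else:
        verdict = "keyword-hit-differs-from-vendor"  # review the diff before whitelisting
    return {"verdict": verdict, "sha256": sha256_hex(installed), "diff": diff}
```

    Because the verdict records the hash, a whitelist entry can be tied to this exact file version and re-checked after the next plugin update.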


Viewing 3 replies - 1 through 3 (of 3 total)
  • WordFence 5.3.12
    WordPress 4.2
    GravityForms 1.9.6

    I’m getting the same warning in WordFence regarding gravityforms/common.php

    Did you find anything out about this?

    I’ve heard back from GravityForms support and was told: “The file common.php is part of Gravity Forms and is not a security threat so you can safely white-list it in WordFence.”

    So I hope that’s true.

    Plugin Author WFSupport


    If the developer says it is ok, then you should be good to go.

