Hi,
I compared the flot folder of WordPress Contact Forms plugin with Flot 0.7.0 I just downloaded from https://codeload.github.com/flot/flot/tar.gz/v0.7.0 , and the only differences are in the examples folder (I removed it from the copy included in Contact Forms) and the minified versions of the scripts (not included in the GitHub repository).
The file jquery.flot.js and the other files are identical to the ones in this repository. Maybe some malware includes the same version of the Flot library or it’s just a false positive. I’ll report this to GOTMLS.net
Eli
(@scheeeli)
I have confirmed that the code in question is not malicious.
//debug: html.push('<div style="position:absolute;opacity:0.10;background-color:red;left:' + box.left + 'px;top:' + box.top + 'px;width:' + box.width + 'px;height:' + box.height + 'px"></div>')
Please note that this nearly hidden div is exactly the kind of HTML code that hackers use to hide text that they want to get indexed on infected sites. In this case it is just a slightly red-tinted box that was clearly just used for debugging. You can also see that this code is rem’d out, so it’s not even executed when the insertAxisLabels function is called.
https://plugins.trac.wordpress.org/browser/contact-forms/trunk/flot/jquery.flot.js#L1663
As this line was only used for debugging, and it’s not even needed in this JS include, it should probably just be removed, and it won’t hurt for my Anti-Malware plugin to be deleting this line of code from this file. However, I understand this is not your code and this library could also show up in someone else’s plugin, so I have whitelisted this version of this file so that it will not be flagged as a threat in my Anti-Malware plugin any more.
Thanks for reporting this to me. Please let me know if there is anything else.
Aloha, Eli
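As an added example (not from this thread, from Flot, or from either plugin), a small Python scanner over a constructed JS snippet shows why a signature that matches raw text flags the commented-out debug div above, while a pass that strips comments first reports only the live one; the HIDDEN_DIV heuristic is hypothetical, not the GOTMLS signature.

```python
import re

# Constructed sample (not the real Flot file): a commented-out debug div like the one
# flagged in jquery.flot.js, a live hidden div of the SEO-spam kind, a block-commented one.
SAMPLE_JS = """\
function insertAxisLabels() {
    //debug: html.push('<div style="position:absolute;opacity:0.10;background-color:red;left:' + box.left + 'px"></div>')
    html.push('<div style="position:absolute;opacity:0.05;left:-9999px">cheap pills</div>');
    /* html.push('<div style="display:none">old</div>') */
}
"""

# Hypothetical heuristic (not the GOTMLS signature): inline styles that make a div
# effectively invisible: near-zero opacity, display:none, or pushed far off-screen.
HIDDEN_DIV = re.compile(
    r'<div[^>]*style="[^"]*(opacity:\s*0\.[0-2]|display:\s*none|left:\s*-\d{3,}px)', re.I)


def strip_js_comments(src):
    """Blank out // and /* */ comments but leave string literals untouched (a URL with
    // inside quotes must survive). Spaces replace comment text so line numbers hold."""
    out, i, n, quote = [], 0, len(src), None
    while i < n:
        c = src[i]
        if quote:                                   # inside a string literal
            out.append(c)
            if c == "\\" and i + 1 < n:             # copy escaped char verbatim
                out.append(src[i + 1]); i += 2; continue
            if c == quote:
                quote = None
            i += 1
        elif c in "'\"":
            quote = c; out.append(c); i += 1
        elif src.startswith("//", i):               # line comment: blank to end of line
            end = src.find("\n", i); end = n if end == -1 else end
            out.append(" " * (end - i)); i = end
        elif src.startswith("/*", i):               # block comment: blank, keep newlines
            end = src.find("*/", i + 2); end = n if end == -1 else end + 2
            out.append(re.sub(r"[^\n]", " ", src[i:end])); i = end
        else:
            out.append(c); i += 1
    return "".join(out)


def scan_hidden_divs(src):
    """Return (naive_hits, live_hits) as 1-based line numbers: the naive pass matches raw
    text and flags the commented-out debug line; the live pass strips comments first."""
    naive = [no for no, line in enumerate(src.splitlines(), 1) if HIDDEN_DIV.search(line)]
    live = [no for no, line in enumerate(strip_js_comments(src).splitlines(), 1)
            if HIDDEN_DIV.search(line)]
    return naive, live
```

Running scan_hidden_divs(SAMPLE_JS) gives ([2, 3, 4], [3]): the naive pass produces the same kind of false positive Eli describes, the comment-aware pass keeps only the live injected div.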
OK Eli, thanks for your report. I think I’ll update the Flot library in the next version; it seems they have removed that line.