WordPress.org

Support

Support » Plugins and Hacks » iThemes Security (formerly Better WP Security) » [Resolved] [Plugin: Better WP Security] function eval

[Resolved] [Plugin: Better WP Security] function eval

Viewing 6 replies - 1 through 6 (of 6 total)
  • Hi Bruno, what problems was this causing for you?

    Hello,

    I have got intrusion caused by using the fontion eval.
    détected by threat-scan-plugin that Better WP Security because it has the eval function. Is that true?

    intrusion was caused by the wp-blog-header.php containing malicious code.

    Thank you for your help

    Bruno

    Hello,

    Scanning Themes and Plugins for eval détected by threat-scan-plugin
    Files:
    /wp-content/plugins/better-wp-security/inc/secure.php
    49: strpos( $_SERVER[‘REQUEST_URI’], “eval(” ) ||
    plugin caused many problèmes intrusion and injection malicious code.

    Thank you for your help

    Bruno

    Ahhh… eval can be used as an attack vector. In this case it is found in the code that is added to .htaccess to detect malicious scripts (it isn’t being executed but is in fact being used in the same fashion as your threat scanner.)

    Hello,

    I just wanted to draw your attention to the subject.
    Thank you for your explanation of eval.

    Bruno

    Thanks

Viewing 6 replies - 1 through 6 (of 6 total)
  • The topic ‘[Resolved] [Plugin: Better WP Security] function eval’ is closed to new replies.
Skip to toolbar