Title: [Plugin: WordPress Exploit Scanner] False positive for JavaScript eval()
Last modified: August 19, 2016

---

# [Plugin: WordPress Exploit Scanner] False positive for JavaScript eval()

 *  [Sir Trevor](https://wordpress.org/support/users/cyberskull/)
 * (@cyberskull)
 * [16 years, 7 months ago](https://wordpress.org/support/topic/plugin-wordpress-exploit-scanner-false-positive-for-javascript-eval/)
 * The following code snippet was flagged as a possible JavaScript eval() call:
   `
   function _handle_ad_retrieval($member_id, $query) {`
 * I am running WP 2.8.5 but that is not an option in the post.
 * [http://wordpress.org/extend/plugins/exploit-scanner/](http://wordpress.org/extend/plugins/exploit-scanner/)

Viewing 5 replies - 1 through 5 (of 5 total)

 *  [Donncha O Caoimh (a11n)](https://wordpress.org/support/users/donncha/)
 * (@donncha)
 * [16 years, 7 months ago](https://wordpress.org/support/topic/plugin-wordpress-exploit-scanner-false-positive-for-javascript-eval/#post-1254702)
 * See “eval(” in that string? That’s ok.
 *  [elfcurry](https://wordpress.org/support/users/elfcurry/)
 * (@elfcurry)
 * [16 years, 3 months ago](https://wordpress.org/support/topic/plugin-wordpress-exploit-scanner-false-positive-for-javascript-eval/#post-1254953)
 * > ic_html/*****/wp-includes/classes.php(113) : eval()’d code(1) : eval()’d code
   > on line 1
   > )’d code(1) : eval()’d code on line 1
 * Line 1 of that file is just ‘<?php’
    and line 113 is ‘*’ within a comment.
 * The identical error is reported 8 times and a search doesn’t show ‘eval’ except
   within a comment.
 * Can someone interpret please?
 *  [elfcurry](https://wordpress.org/support/users/elfcurry/)
 * (@elfcurry)
 * [16 years, 3 months ago](https://wordpress.org/support/topic/plugin-wordpress-exploit-scanner-false-positive-for-javascript-eval/#post-1254954)
 * What the error report appears to say is that it thinks it’s found ‘eval()’ on
   either line 1 or line 113 of classes.php but which? That text does not appear
   on either line 1 or 113, only in a comment elsewhere. Why the additional repeated
   snippet, and why report the identical error 8 times?
 * As this is my first time using this, I’d appreciate some guidance as to whether
   I should just ignore this. Thanks.
 *  [Donncha O Caoimh (a11n)](https://wordpress.org/support/users/donncha/)
 * (@donncha)
 * [16 years, 3 months ago](https://wordpress.org/support/topic/plugin-wordpress-exploit-scanner-false-positive-for-javascript-eval/#post-1254955)
 * elfcurry – I’m not sure why you’re seeing this error when the string isn’t there
   but perhaps you should copy classes.php from a new download of WordPress over
   your copy (assuming you’re running the latest WP?) just to be safe.
 *  [elfcurry](https://wordpress.org/support/users/elfcurry/)
 * (@elfcurry)
 * [16 years, 2 months ago](https://wordpress.org/support/topic/plugin-wordpress-exploit-scanner-false-positive-for-javascript-eval/#post-1254956)
 * Thanks donncha, I’ve copied a fresh classes.php file over the one it complains
   about. It’s worrying that it complains about something which I can’t see – did
   it find something genuine but get confused and point to the wrong place?
 * Can you say whether it was line 1 or 113 or something else it didn’t like?

Viewing 5 replies - 1 through 5 (of 5 total)

The topic ‘[Plugin: WordPress Exploit Scanner] False positive for JavaScript eval()’
is closed to new replies.

## Tags

 * [false positive](https://wordpress.org/support/topic-tag/false-positive/)

 * 5 replies
 * 3 participants
 * Last reply from: [elfcurry](https://wordpress.org/support/users/elfcurry/)
 * Last activity: [16 years, 2 months ago](https://wordpress.org/support/topic/plugin-wordpress-exploit-scanner-false-positive-for-javascript-eval/#post-1254956)
 * Status: not resolved

## Topics

### Topics with no replies

### Non-support topics

### Resolved topics

### Unresolved topics

### All topics