The Support Forums will be in read-only mode for a scheduled maintenance window on 01 September 2016 14:00 UTC - 20:00 UTC. More information.

WP Mobile Detector
DO NOT USE - Malware vulnerable (2 posts)

  1. businessreboot
    Posted 4 years ago #

    This plugin infected my entire site. I cleaned the entire site, downloaded a new version of WP and backed up files.

    I re-installed the plugin (paid version) and then ran my scan - this is the result:

    This file may contain malicious executable code
    Filename: wp-content/plugins/a-wp-mobile-detector/functions.php
    File type: Not a core, theme or plugin file.
    Issue first detected: 31 secs ago.
    Severity: Critical
    Status New
    This file is a PHP executable file and contains a line 2045 characters long without spaces that may be encoded data along with functions that may be used to execute that code. If you know about this file you can choose to ignore it to exclude it from future scans.

    I emailed support several times as I believe it would be a great plugin but to no avail.


  2. websitezcom
    Plugin Author

    Posted 4 years ago #

    That error is a false negative as there is no encoded data that is executable in that file.

    The only injection opportunity is through the Timthumb.php open source library, but that was fixed almost a year ago now.

    If you'd like help, just let me know.

Topic Closed

This topic has been closed to new replies.

About this Plugin

About this Topic


No tags yet.