Support » Plugin: Clearfy – WordPress optimization plugin and disable ultimate tweaker » Potential Malware Detected in Clearfy

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Author Alexander Kovalev

    (@alexkovalevv)

    Hi,

    Plugins can only assess the likelihood of a threat, but cannot do a final analysis with 100% confirmation of vulnerability. So this is just a false positive. If the plugin contains vulnerabilities, usually such vulnerabilities are quickly exposed and published on WordPress security sites.

    Paul

    (@paultgoodchild)

    Just quickly jumping in here, as the Shield dev.

    Shield will use SVN to determine whether the file is legitimate for a plugin release or not, but since this plugin doesn’t use SVN tags to label releases, we can’t do that in this case. If the plugin author can do that, it’ll help with identifying official plugin files for each release.

    That all said though, we’ve got a semi-manual whitelist system in place now with the latest Shield release, so we’ve added that particular file for this version to the whilelist and so if you re-run the malware scan, it’ll now not show.

    It’ll flag up again if that file changes, however. (unless SVN tags are used to push releases).

    Cheers!

    Thanks guys!

Viewing 3 replies - 1 through 3 (of 3 total)
  • You must be logged in to reply to this topic.