Support » Plugin: WP Cerber Security, Anti-spam & Malware Scan » Scan results wrong

  • Resolved a223123131

    (@a223123131)


    I run a scan and Cerber finds things like this

    /nextend-smart-slider3-pro/Nextend/Framework/Style/Style.php >>> Suspicious code found (HIGH)
    Line 14:id`
    Line 15: hash
    Line 16: image
    Line 17: value
    Line 14: id
    Line 15: hash
    Line 15: hash
    Line 14: id
    Line 23: application
    Line 24: section
    Line 25: referencekey
    Line 17: value
    Line 27: system
    Line 28: editable
    Line 14: id
    Line 23: application
    Line 23: application
    Line 24: section
    Line 25: referencekey
    Line 23: application
    Line 24: section
    Line 27: system
    Line 28: editable
    Line 14: id
    Line 38: group
    Line 39: type
    Line 40: params
    Line 14: id
    Line 14: id
    Line 45: alias
    Line 46: title
    Line 39: type
    Line 40: params
    Line 49: status
    Line 50: time
    Line 51: thumbnail
    Line 52: ordering
    Line 49: status
    Line 50: time
    Line 14: id
    Line 52: ordering
    Line 52: ordering
    Line 14: id
    Line 46: title
    Line 67: slider
    Line 70: published
    Line 71: first
    Line 72: slide
    Line 73: description
    Line 51: thumbnail
    Line 40: params
    Line 52: ordering
    Line 14: id
    Line 70: published
    Line 51: thumbnail
    Line 51: thumbnail
    Line 52: ordering
    Line 67: slider

    Execute arbitrary command on the web server (BCTK)`

    This is just one example. There are different with the same plugin, but also issues with other plugins. The thing theyy have in common is that in this marked lines there is nothing at all. Sometimes it is an empty row, sometimes a comment row starting with # and sometimes a row with different code. Also the marked code for the lines isn’t available in the entire file.

    What is going on here? I can’t check everything which Cerber has found. I need only results of real things. This I can check, everything else takes to much time (it happens often).

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Author Gregory

    (@gioni)

    You need to click the “Resolve issue” link in the row with the plugin name and follow the instructions shown in the popup window.

    Thread Starter a223123131

    (@a223123131)

    I have done so… as expected it just marking the plugin as verified. But why is Cerber finding things in files which are not there? Do I need to do this for each plugin now? This means after each plugin update I need to re-de so. It would be better if Cerber would only find real things.

    • This reply was modified 8 months ago by a223123131.
    Plugin Author Gregory

    (@gioni)

    It’s because the scanner algorithms are not perfect as well as the code of “nextend-smart-slider3-pro” that contains backticks. Backticks can be used to run arbitrary commands on a web server. Good developers do not use backticks in PHP code since they pose a serious risk. If you update plugins and themes via the WordPress dashboard, you do not need to do anything. WP Cerber processes all updates automatically.

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘Scan results wrong’ is closed to new replies.