Security risk? (VaultPress) | WordPress.org

Resolved stl99
(@stl99)

7 years, 9 months ago

Hi,

I’m using the VaultPress security feature and it alerted me that “plugins/boxzilla/src/di/class-container.php” is a potential security risk. It says:

“PHP.Generic.BadPattern.5

This code pattern is often used to run a very dangerous shell programs on your server. The code in these files needs to be reviewed, and possibly cleaned.”

Any ideas…?

Cheers,
Thomas

https://wordpress.org/plugins/boxzilla/

Viewing 1 replies (of 1 total)

Plugin Contributor Lap
(@lapzor)

7 years, 9 months ago

Hi Thomas,

The indicated class is called Pimple, which is in use on over 7 677 515 sites.
I doubt it is an actual security issue.

It’s a dependency injection container, used by all the major frameworks like Symfony & Zend.
https://packagist.org/packages/pimple/pimple

Viewing 1 replies (of 1 total)

The topic ‘Security risk? (VaultPress)’ is closed to new replies.

In: Plugins
1 reply
2 participants
Last reply from: Lap
Last activity: 7 years, 9 months ago
Status: resolved