Security vulnerability identified by VaultPress

  • Resolved psysss

    (@psysid)


    9 years, 9 months ago

    PHP.Hidden.Code.2
    This file contains suspicious hidden code, and should be checked for recent changes, or malicious code. Often hackers try to hide their hack attempts by obfuscating their attack code, to make it harder to detect. VaultPress has detected a string of suspicious characters in this file. Please check your backup history for recent changes to this file, or contact a Safekeeper if you are unsure.

    class-pum-ajax.php
    /wp-content/plugins/popup-maker/includes

    Do let me know if it is safe to ignore this issue.

    Thanks

    https://wordpress.org/plugins/popup-maker/

Viewing 1 replies (of 1 total)
  • Plugin Author Daniel Iser

    (@danieliser)

    9 years, 9 months ago

    @psysid – Yea, that is safe. It is on my list of things to address. Basically the code in question is a string that contains the contents of a 1px transparent image that is loaded as part of our popup open tracking.

    If you are familiar with Google Analytics tracking pixel, this is the same thing but the data stays on your site.

    I plan to remove the string based image and just serve an actual file to keep these automated checks from triggering alerts. Will try to get that into the next update.

    Hope that helps. Please take a moment to click that it Works and to rate and review the plugin or support.

Viewing 1 replies (of 1 total)

The topic ‘Security vulnerability identified by VaultPress’ is closed to new replies.