Sucuri found an exploit in the plugin | WordPress.org

Resolved mag07
(@mag07)

8 years, 11 months ago

Downloaded and installed on one site today. Was instantly flagged by Sucuri who appears to have found a php.exploit.sysinfo.001 in wp-content/plugins/better-file-editor/js/ace/snippets/java.js.

Not much of a security person but it’s something you may want to take a look at.

Cheers.

https://wordpress.org/plugins/better-file-editor/

Viewing 1 replies (of 1 total)

Plugin Author Bryan Petty
(@bpetty)

8 years, 11 months ago

Sucuri mis-diagnosed the file, this is a false positive match. The first indication of this is that it thinks it found a PHP exploit in a JavaScript file. Second, they’ve confirmed this false positive in other plugins that use the ACE editor like this one:

1. https://www.wpbeaverbuilder.com/support/q/fyi-for-beaver-builder-security/
2. https://wordpress.org/support/topic/sucuri-detecting-malware-on-421?replies=4

I would contact Sucuri for a fix.

Viewing 1 replies (of 1 total)

The topic ‘Sucuri found an exploit in the plugin’ is closed to new replies.

In: Plugins
1 reply
2 participants
Last reply from: Bryan Petty
Last activity: 8 years, 11 months ago
Status: resolved