• Resolved kiudex

    (@kiudex)


    I’m using the WP Defender Pro plugin to scan files for Malware. It found the following:

    Issue Details
    We’ve uncovered suspicious code in /var/web/site/public_html/wp-content/plugins/wpvivid-backuprestore/includes/class-wpvivid-backup-uploader.php. The red highlighted code is the flagged code and the green is the cleaned up code. Note that these warnings can be false positives, so consult your developer before taking action.

    Here the code:

    $path=WP_CONTENT_DIR.DIRECTORY_SEPARATOR.WPvivid_Setting::get_backupdir().DIRECTORY_SEPARATOR;
    rename($status['file'],$path.$file_name.'_'.$_POST['chunk'].'.tmp');
    $path=WP_CONTENT_DIR.DIRECTORY_SEPARATOR.WPvivid_Setting::get_backupdir().DIRECTORY_SEPARATOR;

    The function rename line 120 column 13 execute using unsanitized user inputs

    I would now like to know if this is a valid concern for my website’s security and something worth fixing by your developers – or if I can ignore the issue (maybe a false positive).

    • This topic was modified 4 years, 3 months ago by kiudex.
Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Support tonyrobins

    (@tonyrobins)

    Hi @kiudex

    Thanks for the feedback!

    We haven’t received the same report from other users. We will look into it soon and will let you know.

    Thanks and Regards,

    Plugin Support tonyrobins

    (@tonyrobins)

    Hi @kiudex

    The code is good upon our inspection.

    It’s the code responsible for merging the uploaded chunk temporary files into a full backup. Your detection tool might have detected the rename function.

    Anyway, you can just ignore the issue.

    Regards,

  • The topic ‘Suspicious function found: class-wpvivid-backup-uploader’ is closed to new replies.
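
The flagged line builds the destination path for `rename()` from `$file_name` and `$_POST['chunk']`. One way to write that step so each request-derived piece is validated before it reaches the path, as an added example: this is not WPvivid's code, and the function names `chunk_destination` and `move_chunk` and the sample directory and file names are hypothetical.

```php
<?php
// Added example: hypothetical helpers, not taken from the WPvivid plugin.
// The destination path is assembled only from validated pieces.
function chunk_destination(string $backupDir, string $fileName, $rawChunk): string
{
    // The chunk index must be a plain non-negative integer, nothing else.
    $chunk = filter_var($rawChunk, FILTER_VALIDATE_INT, ['options' => ['min_range' => 0]]);
    if ($chunk === false) {
        throw new InvalidArgumentException('chunk must be a non-negative integer');
    }
    // Keep only the last path component and a conservative character set.
    $name = basename($fileName);
    if ($name === '' || !preg_match('/^[A-Za-z0-9._-]+$/', $name) || $name[0] === '.') {
        throw new InvalidArgumentException('unexpected file name');
    }
    // Resolve the backup directory once; the result is an absolute, existing path.
    $base = realpath($backupDir);
    if ($base === false || !is_dir($base)) {
        throw new RuntimeException('backup directory not found');
    }
    return $base . DIRECTORY_SEPARATOR . $name . '_' . $chunk . '.tmp';
}

function move_chunk(string $tmpFile, string $backupDir, string $fileName, $rawChunk): string
{
    $dest = chunk_destination($backupDir, $fileName, $rawChunk);
    if (!rename($tmpFile, $dest)) {
        throw new RuntimeException('could not move chunk');
    }
    return $dest;
}

// Constructed sample input; runs offline without WordPress.
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'backup_demo';
if (!is_dir($dir)) {
    mkdir($dir);
}
$tmp = tempnam(sys_get_temp_dir(), 'up');
echo move_chunk($tmp, $dir, 'site_backup.zip', '3'), PHP_EOL; // well-formed chunk index

// Values that are not a plain non-negative integer are refused before any path is built.
foreach (['3/../../x', '-1', 'abc'] as $bad) {
    try {
        chunk_destination($dir, 'site_backup.zip', $bad);
    } catch (InvalidArgumentException $e) {
        echo "rejected chunk '{$bad}': ", $e->getMessage(), PHP_EOL;
    }
}
```

Inside a plugin, the raw values would come from the request (`$_POST['chunk']` on the flagged line). Validation written this explicitly is also easier for a scanner or a reviewer to recognise.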