Title: Suspious code Last modified: July 2, 2018 --- # Suspious code * Resolved [pizza4all](https://wordpress.org/support/users/pizza4all/) * (@pizza4all) * [7 years, 9 months ago](https://wordpress.org/support/topic/suspious-code/) * Hey Alessandro, the same issue occured twice this weekend. Vaultpress sent me an alert message (see the second one here : [https://www.dropbox.com/s/jdqahpbhtel182p/Capture%20d%E2%80%99%C3%A9cran%202018-07-02%20%C3%A0%2007.21.13.png?dl=0](https://www.dropbox.com/s/jdqahpbhtel182p/Capture%20d%E2%80%99%C3%A9cran%202018-07-02%20%C3%A0%2007.21.13.png?dl=0)) about part of the user manager plugin code needed to be reviewed / fixed. * I had Vaultpress fix the issue, then the site generated a 500 error forcing me to have people from bluehost fix this issue. Then, I uploaded your update and yesterday night, suprise, same message from Vaultpress. * Can you look at it from your end and fix the issue once and for all? cheers, norm Viewing 3 replies - 1 through 3 (of 3 total) * Plugin Contributor [Alessandro Tesoro](https://wordpress.org/support/users/alessandrotesoro/) * (@alessandrotesoro) * [7 years, 9 months ago](https://wordpress.org/support/topic/suspious-code/#post-10454459) * Hi [@pizza4all](https://wordpress.org/support/users/pizza4all/) * This is a false positive. There’s absolutely nothing suspicious about that file. The file comes from a library called Carbon fields that it’s used in WPUM to generate the custom fields in the admin panel, ranging from the user custom fields to settings for addons. * You can see the source code here [https://github.com/htmlburger/carbon-fields/blob/master/core/Pimple/Container.php](https://github.com/htmlburger/carbon-fields/blob/master/core/Pimple/Container.php) therefore there’s nothing that I can do about this. * Thread Starter [pizza4all](https://wordpress.org/support/users/pizza4all/) * (@pizza4all) * [7 years, 9 months ago](https://wordpress.org/support/topic/suspious-code/#post-10454490) * Hey Alessandro,thanks for the quick reply. Just go this message from Vaultpress folkd confirming your saying : “I just checked the threat and it turned out to be false-positive. The vulnerability was detected on this line: return $callable( $factory($c), $c); I matched this line of code with the actual code of the plugin available here: [https://wordpress.org/plugins/wp-user-manager/](https://wordpress.org/plugins/wp-user-manager/) and they matched completely. However, I’d recommend you to switch to a different plugin, if VaultPress continues to detect vulnerabilities with this plugin.” * Hoping I won’t have to switch plugin 😉 * cheers, norm * Plugin Contributor [Alessandro Tesoro](https://wordpress.org/support/users/alessandrotesoro/) * (@alessandrotesoro) * [7 years, 9 months ago](https://wordpress.org/support/topic/suspious-code/#post-10454513) * Ah no worries, thanks for reporting the message from Vaultpress. There’s no malicious code in the plugin. I’ve reported the issue to the developers of the library just now [https://github.com/htmlburger/carbon-fields/issues/550](https://github.com/htmlburger/carbon-fields/issues/550) so maybe they can do something about it 🙂 Viewing 3 replies - 1 through 3 (of 3 total) The topic ‘Suspious code’ is closed to new replies. * ![](https://ps.w.org/wp-user-manager/assets/icon-256x256.png?rev=3468506) * [WP User Manager - User Profile Builder & Membership](https://wordpress.org/plugins/wp-user-manager/) * [Frequently Asked Questions](https://wordpress.org/plugins/wp-user-manager/#faq) * [Support Threads](https://wordpress.org/support/plugin/wp-user-manager/) * [Active Topics](https://wordpress.org/support/plugin/wp-user-manager/active/) * [Unresolved Topics](https://wordpress.org/support/plugin/wp-user-manager/unresolved/) * [Reviews](https://wordpress.org/support/plugin/wp-user-manager/reviews/) ## Tags * [suspicious code](https://wordpress.org/support/topic-tag/suspicious-code/) * 3 replies * 2 participants * Last reply from: [Alessandro Tesoro](https://wordpress.org/support/users/alessandrotesoro/) * Last activity: [7 years, 9 months ago](https://wordpress.org/support/topic/suspious-code/#post-10454513) * Status: resolved