Support » Plugin: Constant Contact for WordPress » VaultPress reports malicious code

  • Resolved David Sharpe

    (@davesharpedotcom)


    Hi,

    I received a notice from VaultPress that the Constant Contact plugin contained malicious code. I checked the installed plugin against the version in the repository and they are the same so it doesn’t appear that my site is infected.

    Here’s the response I received from VaultPress tech support.

    It’s tough to say here. The code that’s triggering the alerts is fairly suspicious, but it could be a case of bad coding as well. Looking at our overall logs we’re seeing that same plugin triggering alerts elsewhere, so it’s not an intrusion into your site itself. But the fact that there are multiple issues within the same plugin is troubling, and it’s leaving your site vulnerable.

    If you’re using the plugin, then you could ignore the threat, but you might also get in touch with the plugin creator to see if they can make modifications. If you’re not actively using the plugin we’d recommend removing it. Or looking for an alternative plugin.

    Is this anything to be concerned about or is it a false positive? I’m using the latest version of the plugin.

    Thanks for your help.

    https://wordpress.org/plugins/constant-contact-api/

Viewing 3 replies - 1 through 3 (of 3 total)
Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘VaultPress reports malicious code’ is closed to new replies.