Support » Plugin: WP Mail SMTP by WPForms » Vaultpress security alert

  • Resolved Earl_D

    (@earl_d)



    After installing the latest version I received this security aler from vault press
    DES.php
    /wp-content/plugins/wp-mail-smtp/vendor/phpseclib/phpseclib/phpseclib/Crypt
    Generic.Hidden.Code.2
    This file contains suspicious hidden code, and should be checked for recent changes, or malicious code. Often hackers try to hide their hack attempts by obfuscating their attack code, to make it harder to detect. VaultPress has detected a string of suspicious characters in this file. Please check your backup history for recent changes to this file, or contact a Safekeeper if you are unsure.
    Repair Threat
    Ignore Threat
    1 File Affected
    Code identified Showing pre-processed file

            $block = ($shuffleip[ $r        & 0xFF] & "\x80\x80\x80\x80\x80\x80\x80\x80") |
    700
                     ($shuffleip[($r >>  8) & 0xFF] & "\x40\x40\x40\x40\x40\x40\x40\x40") |
    701
                     ($shuffleip[($r >> 16) & 0xFF] & "\x20\x20\x20\x20\x20\x20\x20\x20") |
    …
    739
            return ($shuffleinvip[($r >> 24) & 0xFF] & "\x80\x80\x80\x80\x80\x80\x80\x80") |
    740
                   ($shuffleinvip[($l >> 24) & 0xFF] & "\x40\x40\x40\x40\x40\x40\x40\x40") |
    741
                   ($shuffleinvip[($r >> 16) & 0xFF] & "\x20\x20\x20\x20\x20\x20\x20\x20") |
    …
    1220
                $key = ($this->shuffle[$pc1map[ $r        & 0xFF]] & "\x80\x80\x80\x80\x80\x80\x80\x00") |
    1221
                       ($this->shuffle[$pc1map[($r >>  8) & 0xFF]] & "\x40\x40\x40\x40\x40\x40\x40\x00") |
    1222
                       ($this->shuffle[$pc1map[($r >> 16) & 0xFF]] & "\x20\x20\x20\x20\x20\x20\x20\x00") |
    …
    1374
                            ($shuffleip[ $r        & 0xFF] & "\x80\x80\x80\x80\x80\x80\x80\x80") |
    1375
                            ($shuffleip[($r >>  8) & 0xFF] & "\x40\x40\x40\x40\x40\x40\x40\x40") |
    1376
                            ($shuffleip[($r >> 16) & 0xFF] & "\x20\x20\x20\x20\x20\x20\x20\x20") |
    …
    1417
                        ($shuffleinvip[($l >> 24) & 0xFF] & "\x80\x80\x80\x80\x80\x80\x80\x80") |
    1418
                        ($shuffleinvip[($r >> 24) & 0xFF] & "\x40\x40\x40\x40\x40\x40\x40\x40") |
    1419
                        ($shuffleinvip[($l >> 16) & 0xFF] & "\x20\x20\x20\x20\x20\x20\x20\x20") |
    Showing pre-processed file
    
Viewing 4 replies - 1 through 4 (of 4 total)
  • Plugin Author Jared Atchison

    (@jaredatch)

    Hey Earl_D,

    Thanks for reaching out!

    I can assure you your site is safe and there is no nefarious code in the latest plugin update 🙂

    That code in reference is included in the plugin because it’s a dependency of the Google API we use.

    We’ve created an issue on GH for it where you can read more details.

    https://github.com/awesomemotive/wp-mail-smtp/issues/79

    We’ll be investigating to see if it’s something we can safely remove in a future update, to prevent these warnings from the different security scanners. Until then, you can ignore that error and know there’s nothing suspicious going on!

    Thanks.

    stardaug

    (@stardaug)

    I received the same warning from Vaultpress!!! Virus possible hack.

    Plugin Author Jared Atchison

    (@jaredatch)

    This is fixed in the next release 🙂

    dknut

    (@dknut)

    Also in my sites: same warning from Vaultpress!!! Virus possible hack.

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘Vaultpress security alert’ is closed to new replies.