Virus embedded in plugin.class.php

  • dlechner

    (@dlechner)


    11 years, 11 months ago

    I have the Wordfence plugin and it checks the files in my websites against the original theme and plugin files and it keeps saying that the file: plugin.class.php has executable code in it. It also finds malicious code in the commercial.BUNDLE.php file. When I delete the file it breaks the plugin..have you had anyone else with this problem?

    https://wordpress.org/plugins/global-flash-galleries/

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Author Oleg

    (@olegshs)

    11 years, 11 months ago

    dlechner,

    You should upgrade the commercial plugin to latest version, which you can download from your account:
    http://flash-gallery.com/my_account/

    Pirate Tayls

    (@pirate-tayls)

    11 years, 6 months ago

    wp-content/plugins/commercial-flash-galleries/commercial.Art.php

    wp-content/plugins/commercial-flash-galleries/inc/commercial.php

    Wordfence is giving the following warning for both of these files:

    This file is a PHP executable file and contains an eval() function and base64() decoding function on the same line. This is a common technique used by hackers to hide and execute code. If you know about this file you can choose to ignore it to exclude it from future scans.

    Is there anything I need to be worried about? I did the most recent update and rescanned, still got these warnings. My client likes the plugin, but this is worrisome.

    https://wordpress.org/plugins/global-flash-galleries/

    Plugin Author Oleg

    (@olegshs)

    11 years, 6 months ago

    Pirate Tayls,

    Do not worry, eval() function was used in older version of the plugin to protect proprietary code. In newer versions evals not used.

    You can download the new version of commercial plugin from your account:
    http://flash-gallery.com/my_account/

Viewing 3 replies - 1 through 3 (of 3 total)

The topic ‘Virus embedded in plugin.class.php’ is closed to new replies.