• Resolved spespam

    (@spespam)


    Hello,

    Is it me or is wppa very vulnerable to attacks?

    I regularly scan my website with Wordfence, and the files under wppa are regularly changed from the original files, not the other plugins.

    Is there something unsafe with this plugin?

    Note: I’m always using the latest version of WordPress and wppa. They are all up to date.

    https://wordpress.org/plugins/wp-photo-album-plus/

Viewing 7 replies - 1 through 7 (of 7 total)
  • Plugin Author Jacob N. Breetvelt

    (@opajaap)

    WPPA+ creates (optionally) a css file (wppa-dynamic.css) and js files for each installed language (wppa-init.en.js etc.) in the plugin folder.
    Wordfence erroneously reports this as an issue.

    Thread Starter spespam

    (@spespam)

    Actually, Wordfence detected that some files have changed from the original files. Some PHP files under wppa. It only happens with wppa and not with my other plugins.

    That is the reason why I wonder if it’s vulnerable to attacks.

    Plugin Author Jacob N. Breetvelt

    (@opajaap)

    Do you know what files? I may have applied a tiny patch after release, too small for another update.

    Thread Starter spespam

    (@spespam)

    I restored the original files, as Wordfence suggested, so I’m not able to tell you right now, but I will tell you when Wordfence detects the next threats.

    Plugin Author Jacob N. Breetvelt

    (@opajaap)

    OK, keep in touch.

    Thread Starter spespam

    (@spespam)

    Hi Jacob,

    Here is the list of the files detected as changed by Wordfence:

    wp-photo-album-plus/wppa.php
    wp-photo-album-plus/wppa-utils.php
    wp-photo-album-plus/wppa-settings-autosave.php
    wp-photo-album-plus/wppa-date-time.php

    Plugin Author Jacob N. Breetvelt

    (@opajaap)

    Yesterday I uploaded new versions of these files into the development version (was 6.5.00.005 .. 6.5.00.007).

    The development version may be updated daily, or even more than once a day; that is how it works with WP and SVN.

    Wordfence should not compare your installation with a constantly evolving development version.

    Please update to the release version: de-activate and delete the plugin, and re-install as if it is a new plugin. Version 6.5.00 has been released today.

    Ergo Conclusio: nothing wrong with wppa, you could inform the Wordfence developers of this.
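
The triage discussed in this thread, as an added example that is not part of the original posts and is not code from WPPA+ or Wordfence: it hashes an installed plugin directory against a manifest built from the exact release that is installed (not a moving development copy) and separates modified release files from the runtime-generated files the plugin author names. The function names, the `x.php` file and all file contents are constructed for the illustration.

```python
import fnmatch, hashlib, os, tempfile

# File names the plugin author says WPPA+ generates in the plugin folder (from the thread).
GENERATED = ["wppa-dynamic.css", "wppa-init.*.js"]

def sha256_file(path):
    with open(path, "rb") as f:
        return hashlib.sha256(f.read()).hexdigest()

def build_manifest(root):
    """Map relative path -> sha256 for every file under root."""
    manifest = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            manifest[rel] = sha256_file(full)
    return manifest

def triage(installed_root, reference):
    """Compare an installed plugin directory against a reference manifest."""
    installed = build_manifest(installed_root)
    report = {"modified": [], "generated": [], "unexpected": [], "missing": []}
    for rel, digest in installed.items():
        if rel in reference:
            if reference[rel] != digest:
                report["modified"].append(rel)      # differs from the release copy
        elif any(fnmatch.fnmatch(os.path.basename(rel), p) for p in GENERATED):
            report["generated"].append(rel)         # expected runtime output
        else:
            report["unexpected"].append(rel)        # not in release, not allowlisted
    report["missing"] = [r for r in reference if r not in installed]
    return {k: sorted(v) for k, v in report.items()}

def demo():
    """Constructed sample: a 'release' tree and an 'installed' copy of it."""
    with tempfile.TemporaryDirectory() as rel_dir, tempfile.TemporaryDirectory() as inst_dir:
        for d in (rel_dir, inst_dir):
            for name in ("wppa.php", "wppa-utils.php"):
                with open(os.path.join(d, name), "w") as f:
                    f.write("<?php // constructed release content: " + name)
        with open(os.path.join(inst_dir, "wppa-utils.php"), "a") as f:
            f.write("\n// constructed post-release change")
        for name in ("wppa-dynamic.css", "wppa-init.en.js", "x.php"):
            with open(os.path.join(inst_dir, name), "w") as f:
                f.write("/* constructed */")
        return triage(inst_dir, build_manifest(rel_dir))

if __name__ == "__main__":
    print(demo())
```

Files reported as `modified` or `unexpected` are the ones to review by hand; a `modified` result is only meaningful when the reference manifest matches the installed version.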

The topic ‘Vulnerable to attacks ?’ is closed to new replies.