Support » Plugin: VidYen Crypto Reward System » Wordfence – Issue Found

  • Resolved Surrealer

    (@surrealer)


    Wordfence -Issue Found 13. July 2018 05:58
    Critical

    File appears to be malicious: wp-content/plugins/vidyen-point-system-vyps/manage_points.php
    Type: File
    Issue Found 13. July 2018 05:58
    Critical
    Filename: wp-content/plugins/vidyen-point-system-vyps/manage_points.php
    File Type: Not a core, theme, or plugin file from wordpress.org.
    Details: This file appears to be installed or modified by a hacker to perform malicious activity. If you know about this file you can choose to ignore it to exclude it from future scans. The text we found in this file that matches a known malicious file is: eval( $_POST['update_user_point']);. The infection type is: A backdoor that provides code execution.

    I checked your code and found that you use:
    “$point_amount_post = doubleval( $_POST['update_user_point']);”
    It’s tagged for the “…eval( $_POST['update_user_point']);” part.
    You should use floatval() instead of doubleval to avoid this false warning!

    Best regards
    Arne
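
Why the doubleval() line is flagged while the suggested floatval() rewrite is not, as an added example that is not part of the original thread and is not Wordfence's actual rule. The pattern `SIG`, the function `scan` and the sample file are constructed for illustration; the sample lines reuse the statement quoted in the post.

```python
import re

# Constructed signature: "eval(" applied directly to a request superglobal.
# Like the match reported above, it has no left boundary, so it also fires
# when "eval" is only the tail of a longer function name.
SIG = re.compile(r"(?i:eval)\s*\(\s*\$_(?:POST|GET|REQUEST|COOKIE)\s*\[")
IDENT_CHAR = re.compile(r"[\w$]")

# Constructed sample: the plugin's original line, the suggested fix,
# and the statement the signature is really meant to catch.
SAMPLE = """<?php
$point_amount_post = doubleval( $_POST['update_user_point'] );
$point_amount_post = floatval( $_POST['update_user_point'] );
eval( $_POST['update_user_point'] );
"""

def scan(source):
    """Return one finding per signature match, with the real callee name."""
    findings = []
    for m in SIG.finditer(source):
        # Walk left from the match to recover the whole identifier.
        start = m.start()
        while start > 0 and IDENT_CHAR.match(source[start - 1]):
            start -= 1
        callee = source[start:m.start() + 4]
        findings.append({
            "line": source.count("\n", 0, m.start()) + 1,
            "callee": callee,
            "naive_hit": True,                        # substring match alone
            "strict_hit": callee.lower() == "eval",   # whole-name match
        })
    return findings

if __name__ == "__main__":
    for f in scan(SAMPLE):
        verdict = "eval on request input" if f["strict_hit"] else "false positive"
        print(f"line {f['line']}: {f['callee']}() -> {verdict}")
```

The floatval() line never matches because "floatval" does not contain the substring "eval". A regex check like this still cannot tell code from comments or string literals; a scanner built on PHP's tokenizer (`token_get_all`, which reports `eval` as `T_EVAL`) can.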

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Author VidYen, LLC

    (@vidyen)

    Thanks!

    I read this shortly before I uploaded a fix for another bug, so I put it in the last update!

    Yeah, floatval would have been a better default since doubleval is just an alias and I’m just making sure the POST is a number not a string.

    Plugin Author VidYen, LLC

    (@vidyen)

    Fix is in version 00.03.03 on WP repository now.

    Thread Starter Surrealer

    (@surrealer)

    Thank you for the fast fix 🙂

  • The topic ‘Wordfence – Issue Found’ is closed to new replies.