Plugin Author
Vova
(@gn_themes)
Hello Cyndi,
that is regular svg icons. I’m not sure they could reduce your site’s security.
Could you provide more details from WordFence?
Hi,
I got the same warnings today. Below is the full warning. It is the same for each svg file:
Filename: wp-content/plugins/shortcodes-ultimate/admin/images/shortcodes/dummy_image.svg
File Type: Not a core, theme or plugin file.
Issue First Detected: 3 hours 32 mins ago.
Severity: Critical
Status New
This file appears to be installed by a hacker to perform malicious activity. If you know about this file you can choose to ignore it to exclude it from future scans. The text we found in this file that matches a known malicious file is: “32.001.167.003.167.006.167.007.165.009.166.012.164.014.164.015.164.018.163.02.162.021.162.024.161.026.16.027.16.03.159.031.158.034.157.035.157.037.156.04.156.041.154.043.154.044.153.047.152.048.152.05…”. The infection type is: suspicious_code:text/ip_addresses. This file was detected because you have enabled “Scan images, binary, and other files as if they were executable”, which treats non-PHP files as if they were PHP code. This option is more aggressive than the usual scans, and may cause false positives.
Are these icons that Cyndi listed part of your files? Can I delete them? If I delete them will Shortcodes Ultimate continue to work and appear correctly in WordPress or will this break part of the interface I see when using your plugin?
Thanks,
Daphne
Plugin Author
Vova
(@gn_themes)
Hi Daphne,
thank you for additional information.
I confirm that these files (regular SVG icons) are part of my plugin. You can see them by navigating to Dashboard – Shortcodes – Available Shortcodes page.
Large numbers are just coordinates of the SVG images.
Thread Starter
Cyndi
(@cynderella)
I’ll write to WordFence to let them know, both of you should too. Thank you for letting us know, Vladimir.
Hi Vlad,
I’ve also written to them on their forum and will post the same message on their facebook page if possible.
Mail received from WF stating:
Alert generated at Friday 6th of October 2017 at 04:50:04 AM
Critical Problems:
* File appears to be malicious: wp-content/plugins/shortcodes-ultimate/admin/images/shortcodes/dummy_image.svg
* File appears to be malicious: wp-content/plugins/shortcodes-ultimate/admin/images/shortcodes/gmap.svg
The plugin owner states that these are genuine files
Whilst I place full trust in Wordfence, I would like to be sure that I am not deleting important files via the WF scan fix/delete button
Please clarify this warning is not a false positive
Kind regards,
Martin
ps: during further research and reading I came across this post on Pluginvulnerabilities
https://www.pluginvulnerabilities.com/2017/09/26/wordfence-falsely-claims-current-version-of-removed-plugin-contains-vulnerability-that-was-fixed-over-six-years-ago/?pk_campaign=AdWordsSearch&pk_kwd=wordfence