Support » Plugin: Newsletter » WordPress security plugin warns of “Suspicious eval with base64 decode”

  • Hello

    Just a quick post to notify the plugin author as well as users of this plugin, that the Wordfence Security Plugin has flagged a file to be malicious:

    The warning:
    File appears to be malicious: wp-content/plugins/newsletter/js/ace/mode-php.js
    “The text we found in this file that matches a known malicious file is:
    “EvalError|InternalError|RangeError|ReferenceError|StopIteration|SyntaxError|TypeError|URIError|decodeURI|decodeURIComponent|encodeURI|encodeURIComponent|eval|isFinite|isNaN|parseFloat|parseInt|JSON|Ma…”.
    The infection type is: Suspicious eval with base64 decode.. This file was detected because you have enabled “Scan images, binary, and other files as if they were executable”, which treats non-PHP files as if they were PHP code. This option is more aggressive than the usual scans, and may cause false positives.”

    Could someone confirm, if this warning is to be taken serious?

    Many thanks

Viewing 5 replies - 1 through 5 (of 5 total)
  • Hello –

    I am also receiving the same warning message from Wordfence as of today’s scan.

    Would appreciate response on if this should be ignored or deleted. Deactivating plug-in temporarily.

    Thank you.

    Hi,

    Same is here. Same exact from Wordfence:
    “File appears to be malicious: wp-content/plugins/newsletter/js/ace/mode-php.js”

    Please someone from Newsletter plugin respond.

    Thanks

    Please, is there any solution to this issue from the Newsletter team?

    Hi Guys

    I have updated the Newsletter plugin this morning and got the same message from Wordfence around an hour ago.

    File appears to be malicious: wp-content/plugins/newsletter/js/ace/mode-php.js

    Filename: wp-content/plugins/newsletter/js/ace/mode-php.js
    File type: Not a core, theme or plugin file.
    Issue first detected: 1 hour 30 mins ago.
    Severity: Critical
    Status New

    This file appears to be installed by a hacker to perform malicious activity. If you know about this file you can choose to ignore it to exclude it from future scans.

    The text we found in this file that matches a known malicious file is:
    “EvalError|InternalError|RangeError|ReferenceError|StopIteration|SyntaxError|TypeError|URIError|decodeURI|decodeURIComponent|encodeURI|encodeURIComponent|eval|isFinite|isNaN|parseFloat|parseInt|JSON|Ma…”.

    The infection type is: Suspicious eval with base64 decode.. This file was detected because you have enabled “Scan images, binary, and other files as if they were executable”, which treats non-PHP files as if they were PHP code. This option is more aggressive than the usual scans, and may cause false positives.

    Does anyone have a solution for this problem?

    This is being reported AGAIN with today’s update.

Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘WordPress security plugin warns of “Suspicious eval with base64 decode”’ is closed to new replies.