Advice Please

  • Resolved murphoto

    (@murphoto)


    10 years ago

    Hi Tobias,

    I use wordfence to protect one of my sites. It is generating this warning about a tablepress file. I have x’d out the site identity.

    This file may contain malicious executable code/xxxxx/xxxx/public_html/xxxx.com/wp-content/plugins/tablepress/libraries/evalmath.class.php
    Filename: xxxxx.com/wp-content/plugins/tablepress/libraries/evalmath.class.php
    File type: Not a core, theme or plugin file.
    Issue first detected: 4 hours 8 mins ago.
    Severity: Critical
    Status New

    Should I be concerned or is this a false positive.

    Thanks much

    https://www.ads-software.com/plugins/tablepress/

Viewing 1 replies (of 1 total)
  • Plugin Author Tobias B?thge

    (@tobiasbg)

    Hi,

    thanks for your post, and sorry for the trouble.

    The WordFence plugin is probably complaining about the usage of the word “eval” in that file. This is also a PHP function to execute PHP strings and (if used in the wrong) way can lead to potential security problems.
    TablePress is however not using that function, it’s just imitating it and simply happens to use a name that includes “eval”. Thus, if you don’t get any other warnings like this for other files, this is a false positive.

    Regards,
    Tobias

Viewing 1 replies (of 1 total)
  • The topic ‘Advice Please’ is closed to new replies.