Critical notification about YUZO plugin

  • Resolved tihjawi

    (@tihjawi)


    4 years, 9 months ago

    Plugin Wordfence after update YUZO send my a notice:

    Filename: wp-content/plugins/yuzo-related-post/admin/classes/class-admin.php
    File Type: Not a core, theme, or plugin file from www.ads-software.com.
    Details: This file appears to be installed or modified by a hacker to perform malicious activity. If you know about this file you can choose to ignore it to exclude it from future scans. The matched text in this file is: eval(base64_decode(

    The issue type is: Suspicious:PHP/evalB64.4068
    Description: Suspicious eval with a base64_decode

    What does it mean?

    Topic on plugin page: https://www.ads-software.com/support/topic/wordfence-alert-suspiciousphp-evalb64-4068

    I found this in file class-admin.php (on wordpress server also):

    'bp' => base64_encode(eval(base64_decode('cmV0dXJuIHl1em9fZ2V0X3BsdWdpbigpOw=='))),

    and this

    'bt' => base64_encode(eval(base64_decode('cmV0dXJuIHl1em9fZ2V0X3RoZW1lKCk7')))

    After decoding I got in 1st:

    return yuzo_get_plugin();

    and in 2nd:

    return yuzo_get_theme();

    —-

    What does it mean? What plugin gets access to other plugins and themes?

    • This topic was modified 4 years, 9 months ago by tihjawi.
Viewing 1 replies (of 1 total)

  • Hey @tihjawi,

    I’ve downloaded the YUZO plugin and the code is indeed there. I’ve shared it with the developers and it seems it’s going to be a false positive. However, this is due to them using eval(base64_decode(, which was just added in their most recent release.

    So in short, it’s just fine to ignore this.

    Please let me know if you have any questions.

    Thanks,

    Gerroald

Viewing 1 replies (of 1 total)
  • The topic ‘Critical notification about YUZO plugin’ is closed to new replies.