False Positive – Yellow Pencil

  • Resolved Garrett Hyder

    (@garrett-eclipse)


    7 years, 1 month ago

    Hello,

    I wanted to confirm this is just a False Positive;

    View post on imgur.com

    This file may contain malicious executable code: /home/…/public_html/wp-content/plugins/waspthemes-yellow-pencil/editor.php
    Filename: wp-content/plugins/waspthemes-yellow-pencil/editor.php
    File type: Not a core, theme or plugin file.
    Issue first detected: 9 hours 58 mins ago.
    Severity: Critical
    Status New
    This file is a PHP executable file and contains the word ‘eval’ (without quotes) and the word ‘urldecode(‘ (without quotes). The eval() function along with an encoding function like the one mentioned are commonly used by hackers to hide their code. If you know about this file you can choose to ignore it to exclude it from future scans. This file was detected because you have enabled HIGH SENSITIVITY scanning. This option is more aggressive than the usual scans, and may cause false positives.

    I can ignore this correct? Is there anything that can be done on Wordfence end to avoid this in the future?

    Thanks
    P.S. If you need a copy of the plugin to investigate it can be found here;
    https://www.ads-software.com/plugins/yellow-pencil-visual-theme-customizer/

    The page I need help with: [log in to see the link]

Viewing 2 replies - 1 through 2 (of 2 total)

  • Hi Garrett,
    Yes, you can ignore it as long as the file you have on your server has the same content of the same file on WordPress Plugins repository, Wordfence would detect otherwise if you have enabled “Scan plugin files against repository versions for changes” option.
    This kind of warnings only appears when “HIGH SENSITIVITY” scanning is turned on, so some false positive results can be shown there in the scan results. You can turn this option off for now, only enable it when cleaning your website from a stubborn infection.

    Thanks.

    Thread Starter Garrett Hyder

    (@garrett-eclipse)

    THANK YOU

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘False Positive – Yellow Pencil’ is closed to new replies.