• Resolved kdmitchell27

    (@kdmitchell27)


    I was made aware that this plugin has some code in it that can be used to attack a WordPress website.

    Generic.Hidden.Code.2

    This file contains suspicious hidden code, and should be checked for recent changes, or malicious code. Often hackers try to hide their hack attempts by obfuscating their attack code, to make it harder to detect. VaultPress has detected a string of suspicious characters in this file. Please check your backup history for recent changes to this file, or contact a Safekeeper if you are unsure.

    /wp-content/plugins/post-status-notifier-lite/lib/IfwPsn/Vendor/Zend/Validate

    // "+", "-", "/", "=", "?", "^", "_", "`", "{", "|", "}", "~"
    423 $atext = 'a-zA-Z0-9\x21\x23\x24\x25\x26\x27\x2a\x2b\x2d\x2f\x3d\x3f\x5e\x5f\x60\x7b\x7c\x7d\x7e';
    424 if (preg_match('/^[' . $atext . ']+(\x2e+[' . $atext . ']+)*$/', $this->_localPart)) {

    Is this legit and if so, are you aware that this was added to the code?

Viewing 4 replies - 1 through 4 (of 4 total)
  • Plugin Author Timo

    (@worschtebrot)

    This code is legit. It is part of the Zend Framework Email Validator and has not been added by someone else.

    You can see the official sources of that script here: https://github.com/zendframework/zf1/blob/master/library/Zend/Validate/EmailAddress.php
    Check line 422 and the following and you’ll see that snippet.

    Please ask the creator of your security plugin (or whatever/whoever told you that), to improve their algorithms.
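
    The flagged string is nothing more than the RFC 5322 "atext" character set written with PCRE hex escapes (\x21 is "!", \x7e is "~", and so on), which is exactly what the comment on the line above it spells out. The following is an added triage example, not code from the plugin, from Zend Framework or from VaultPress: it takes the $atext string as quoted in this thread, expands the escapes so a reviewer can see the plain characters, checks them against the RFC 5322 atext specials, and runs the same local-part regex on a few constructed inputs. It is written in Python rather than PHP so it can be run anywhere without a WordPress install; the function names and the sample local parts are assumptions made for this example.

```python
import re

# The $atext character class exactly as quoted in the thread (Zend/Validate/EmailAddress.php).
# PHP single quotes keep the backslashes literally, so PCRE receives "\x21" and treats it as a
# hex escape for "!". Python's re module handles "\xNN" the same way, including inside [...].
ZEND_ATEXT = r"a-zA-Z0-9\x21\x23\x24\x25\x26\x27\x2a\x2b\x2d\x2f\x3d\x3f\x5e\x5f\x60\x7b\x7c\x7d\x7e"

# RFC 5322 section 3.2.3, the specials allowed in atext in addition to ALPHA / DIGIT:
#   "!" / "#" / "$" / "%" / "&" / "'" / "*" / "+" / "-" / "/" / "=" / "?" / "^" / "_" / "`" / "{" / "|" / "}" / "~"
RFC5322_ATEXT_SPECIALS = "!#$%&'*+-/=?^_`{|}~"

_HEX_ESCAPE = re.compile(r"\\x([0-9a-fA-F]{2})")


def decode_hex_escapes(pattern: str) -> str:
    """Expand every \\xNN escape to the character it denotes; everything else is kept as-is.

    This is the manual step a reviewer does when a scanner reports "hidden code": make the
    escaped bytes visible and judge the plain text instead of the escapes.
    """
    return _HEX_ESCAPE.sub(lambda m: chr(int(m.group(1), 16)), pattern)


def escaped_specials(pattern: str) -> str:
    """Return only the characters encoded by \\xNN escapes, in the order they appear."""
    return "".join(chr(int(h, 16)) for h in _HEX_ESCAPE.findall(pattern))


def matches_rfc5322_atext(pattern: str) -> bool:
    """True if the escaped characters are exactly the RFC 5322 atext specials (as a set)."""
    return set(escaped_specials(pattern)) == set(RFC5322_ATEXT_SPECIALS)


# Same dot-atom check as line 424 of the Zend validator: one or more atext runs separated by
# one or more dots, anchored at both ends. Note that "\x2e" outside a class is a literal "."
# (an escaped byte never becomes the any-character metacharacter), and that "\x2d" inside the
# class is a literal hyphen, not a range operator, in both PCRE and Python's re.
LOCAL_PART_RE = re.compile(r"^[" + ZEND_ATEXT + r"]+(\x2e+[" + ZEND_ATEXT + r"]+)*$")


def is_valid_local_part(local_part: str) -> bool:
    """Apply the Zend local-part pattern; mirrors preg_match() returning 1 or 0."""
    # Like PCRE without the D modifier, "$" here also matches before a single trailing
    # newline; use fullmatch() if that leniency matters in your own code.
    return LOCAL_PART_RE.match(local_part) is not None


if __name__ == "__main__":
    print("decoded class :", decode_hex_escapes(ZEND_ATEXT))
    print("specials only :", escaped_specials(ZEND_ATEXT))
    print("RFC 5322 atext:", matches_rfc5322_atext(ZEND_ATEXT))
    # Constructed sample local parts for illustration.
    for sample in ["john.doe", "user+tag", "o'brien", "john doe", ".john", "john.", "a@b"]:
        print(f"{sample!r:12} -> {is_valid_local_part(sample)}")
```

    Running the script shows the class decoding to a-zA-Z0-9!#$%&'*+-/=?^_`{|}~ and the escaped characters matching the RFC 5322 set, which is the evidence to attach when asking a scanner vendor to whitelist a file. The reason the validator writes the characters as escapes at all is that "-", "^", "{", "|" and "}" carry meaning inside a PCRE character class, so escaping them avoids accidental ranges or metacharacters; hex escapes in a regex are a readability choice, not obfuscation, and the right triage step is to confirm the file against the upstream source (the GitHub link above) rather than to trust the scanner's heuristic.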

    Hi,

    I’ve also received an alert from VaultPress security. Interestingly enough, the alert appears to affect two files, both of which are exactly the same – same file name and same location they are stored in. I’ve contacted the Safekeeper asking them to explain why the file has been mentioned twice and also linked to this post. Hopefully, they will correct this issue soon.

    Anonymous User 3392934

    (@anonymized-3392934)

    Hey there!

    Thank you for bringing this to our attention. We have investigated this on our end and reached a solution. Please always feel free to contact us if anything comes up in the future with your plugin or any others – we’re happy to work with plugin authors and users of our products alike to improve our security system! You can get in touch with us here:

    https://dashboard.vaultpress.com/contact/

    Best,

    Mark Z. – Happiness Engineer

    Plugin Author Timo

    (@worschtebrot)

    Hi Mark,

    Thanks for your reply. That’s good news. It would be a great improvement if VaultPress recognized the above-mentioned script as legit code in the future.

    Kind regards
    Timo

  • The topic ‘Getting alerted about the code on this plugin’ is closed to new replies.