Hi @de-webconnectie, thanks for getting in touch!
The alert you’re seeing looks to be for a PHP web shell backdoor may be present on your site. Without further information of the plugins and environment you’re running on, I’m unable to confirm anything just yet. Wordfence narrows-down whether you’re running a specific vulnerable version of a plugin, so it’s possible that you have a plugin installed that did have a vulnerability known by other plugins but has been patched. However, we can benefit from submissions from our community to confirm whether it’s something Wordfence should’ve picked up.
Is there any mention of the affected file(s) and/or suggested action from Patchman? If so, you can provide the files and other relevant information to us so that we can check it out for you at samples @ wordfence . com.
Please note that when making files available to us, ensure that you remove any database access credentials or keys/salts contained inside before sending.
Thanks,
Peter.
