[Plugin: WP Mobile Detector] DO NOT USE – Malware vulnerable

  • This plugin infected my entire site. I cleaned the entire site, downloaded a new version of WP and backed up files.

    I re-installed the plugin (paid version) and then ran my scan – this is the result:

    This file may contain malicious executable code
    Filename: wp-content/plugins/a-wp-mobile-detector/functions.php
    File type: Not a core, theme or plugin file.
    Issue first detected: 31 secs ago.
    Severity: Critical
    Status New
    This file is a PHP executable file and contains a line 2045 characters long without spaces that may be encoded data along with functions that may be used to execute that code. If you know about this file you can choose to ignore it to exclude it from future scans.

    I emailed support several times as I believe it would be a great plugin but to no avail.

    https://www.ads-software.com/extend/plugins/wp-mobile-detector/

Viewing 1 replies (of 1 total)
  • Plugin Author websitezcom

    (@websitezcom)

    That error is a false negative as there is no encoded data that is executable in that file.

    The only injection opportunity is through the Timthumb.php open source library, but that was fixed almost a year ago now.

    If you’d like help, just let me know.

Viewing 1 replies (of 1 total)
  • The topic ‘[Plugin: WP Mobile Detector] DO NOT USE – Malware vulnerable’ is closed to new replies.