Suspicious code reported by malware scanner

  • Resolved boardboss

    (@boardboss)


    3 years, 5 months ago

    Hi – A recent malware scan by a security plugin resulted in a report of a suspicious function in the file bootstrap.php. The line of code flagged is: extract($_POST);

    I briefly researched this function and it appears that it is generally considered unsafe to use it with regards to unknown data. Since your implementation of this function might not fall into this category I wanted to inquire about why it was used, and more importantly, is it safe in its current implementation?

Viewing 9 replies - 1 through 9 (of 9 total)
  • Anonymous User 17160716

    (@anonymized-17160716)

    boardboss, hi there.

    Probably your website was hacked, cause there is no “bootstrap.php” file in the plugin directory / archive.

    Thread Starter boardboss

    (@boardboss)

    My sincere apologies. I apparently missed actually copying the file location when I pasted it into the ticket. The file in question is /wp-content/plugins/webtoffee-gdpr-cookie-consent/admin/modules/cli-themes/cli-themes.php and not bootstrap.php. That file was from a different plugin that I also reported for a different reason.

    Anonymous User 17160716

    (@anonymized-17160716)

    boardboss, same thing, there is no directory cli-themes/ and file cli-themes.php in the original archive, you can check it here.

    Thread Starter boardboss

    (@boardboss)

    Hi again – I opened the file webtoffee-gdpr-cookie-consent.zip, which was downloaded from https://www.webtoffee.com/my-account/my-api-downloads/. That file clearly has a folder named cli-themes and a file named cli-themes.php as can be seen here: https://prnt.sc/15i0qj2

    Thread Starter boardboss

    (@boardboss)

    I have already raised a ticket with WebToffee, since this appears to be an issue in the commercial and not the free version.

    Anonymous User 17160716

    (@anonymized-17160716)

    boardboss, I guess you’re talking about some kind of PRO version of the plugin, not the free one from here: https://downloads.www.ads-software.com/plugin/cookie-law-info.2.0.3.zip. Am I right?

    Plugin Author WebToffee

    (@webtoffee)

    Hi @boardboss, @m0ze,

    Thanks for notifying us of the concerns.

    The issue reported by @boardboss is in the premium version of the plugin and we are taking a look at it.

    @m0ze, We appreciate sharing further information via support ticket directly.

    We will do the needful for both cases and update ASAP.

    Anonymous User 17160716

    (@anonymized-17160716)

    webtoffee, awesome, thanks <3

    Plugin Author WebToffee

    (@webtoffee)

    Hi @boardboss.

    As per the communications we had via the ticket submit at the site, the reported concerns have been addressed in the premium version of the plugin. If you have any more concerns, feel free to reach out via the support ticket itself.

Viewing 9 replies - 1 through 9 (of 9 total)
  • The topic ‘Suspicious code reported by malware scanner’ is closed to new replies.