Suspious code

Hi @pizza4all

This is a false positive. There’s absolutely nothing suspicious about that file. The file comes from a library called Carbon fields that it’s used in WPUM to generate the custom fields in the admin panel, ranging from the user custom fields to settings for addons.

You can see the source code here https://github.com/htmlburger/carbon-fields/blob/master/core/Pimple/Container.php therefore there’s nothing that I can do about this.

Hey Alessandro,thanks for the quick reply. Just go this message from Vaultpress folkd confirming your saying :
“I just checked the threat and it turned out to be false-positive.
The vulnerability was detected on this line: return $callable($factory($c), $c);
I matched this line of code with the actual code of the plugin available here: https://www.ads-software.com/plugins/wp-user-manager/ and they matched completely.
However, I’d recommend you to switch to a different plugin, if VaultPress continues to detect vulnerabilities with this plugin.”

Hoping I won’t have to switch plugin ??

cheers,
norm

Ah no worries, thanks for reporting the message from Vaultpress. There’s no malicious code in the plugin. I’ve reported the issue to the developers of the library just now https://github.com/htmlburger/carbon-fields/issues/550 so maybe they can do something about it ??