Wordfence Alert – Suspicious:PHP/evalB64.4068

  • Resolved tihjawi

    (@tihjawi)


    4 years, 9 months ago

    Plugin Wordfence after update YUZO send my a notice:

    Filename: wp-content/plugins/yuzo-related-post/admin/classes/class-admin.php
    File Type: Not a core, theme, or plugin file from www.ads-software.com.
    Details: This file appears to be installed or modified by a hacker to perform malicious activity. If you know about this file you can choose to ignore it to exclude it from future scans. The matched text in this file is: eval(base64_decode(

    The issue type is: Suspicious:PHP/evalB64.4068
    Description: Suspicious eval with a base64_decode

    What does it mean?

Viewing 4 replies - 1 through 4 (of 4 total)
  • Thread Starter tihjawi

    (@tihjawi)

    I found this in file class-admin.php (on wordpress server also):

    'bp' => base64_encode(eval(base64_decode('cmV0dXJuIHl1em9fZ2V0X3BsdWdpbigpOw=='))),

    and this

    'bt' => base64_encode(eval(base64_decode('cmV0dXJuIHl1em9fZ2V0X3RoZW1lKCk7')))

    After decoding I got in 1st:

    return yuzo_get_plugin();

    and in 2nd:

    return yuzo_get_theme();

    —-

    What does it mean? What plugin gets access to other plugins and themes?

    Plugin Contributor ilenstudio

    (@ilenstudio)

    Hello, hundreds of plugins do it to know that plugins are consuming many resources, ready plugins that do
    https://es.www.ads-software.com/plugins/wp-script-optimizer/
    https://es.www.ads-software.com/plugins/wp-asset-clean-up/
    Yuzo does it because in the Yuzo->settings from the new version the saving is through AJAX (press CONTROL + S), if a plugin is causing a JS error then I could not save the settings (try it) with I could know what plugin It is causing the JS error.

    Pd: In the next version I will remove the EVAL to avoid these warnings.

    • This reply was modified 4 years, 9 months ago by ilenstudio.
    Thread Starter tihjawi

    (@tihjawi)

    Everything works fine for me, just a security issue – the plugin Wordfence considered these lines to be dangerous.

    Thread Starter tihjawi

    (@tihjawi)

    Thanks, it’s ok for now.

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘Wordfence Alert – Suspicious:PHP/evalB64.4068’ is closed to new replies.