Wordfence Reporting Malicious URL in Rank Math Code

I confirm that the file is detected as infected, containing a URL that is present in various blacklists.
From the trac you can see the diff from 6 days ago.

https://plugins.trac.www.ads-software.com/changeset?old_path=%2Fseo-by-rank-math%2Ftrunk%2Fincludes%2Fupdates%2Fupdate-1.0.42.php&old=3063961&new_path=%2Fseo-by-rank-math%2Ftrunk%2Fincludes%2Fupdates%2Fupdate-1.0.42.php&new=3056760&sfp_email=&sfph_mail=

Michele

Thanks for that info, so it looks like the nomenclature has changed but it was already there prior.

Here’s one for you: I too was getting WordFence malware warnings across the 20 sites I run, until around an hour ago, when on one domain the update was automatically applied.

Wordfence did not mail me a warning so I ran a scan and no malware warning was received. I repeated the scan, same no-issue report.

Something has changed…. but what?

Very, very odd.

Your take?
Peter

Cancel that – small difference in WordFence scan settings, adjusted and rescanned and issue remains. Apologies

Hello,

Thank you for your query and we are so sorry about the trouble this must have caused.

WordFence appears to be scrutinizing the modified files from the update and triggering the Bad URL error, which is actually a false alarm. The file named includes/updates/update-1.0.42.php serves as the update routine file for version 1.0.42, containing the necessary code to eliminate the erroneous redirection rule.

In the previous update, our focus was solely on addressing the WPCS issue within this file.

You can safely ignore that error.