• Resolved Cyndi

    (@cynderella)


    WordFence just alerted me on several sites with this warning:

    * File appears to be malicious: members/wp-content/plugins/shortcodes-ultimate/admin/images/shortcodes/dummy_image.svg

    * File appears to be malicious: members/wp-content/plugins/shortcodes-ultimate/admin/images/shortcodes/gmap.svg

    * File appears to be malicious: wp-content/plugins/shortcodes-ultimate/admin/images/shortcodes/dummy_image.svg

    * File appears to be malicious: wp-content/plugins/shortcodes-ultimate/admin/images/shortcodes/gmap.svg

Viewing 5 replies - 1 through 5 (of 5 total)
  • Plugin Author Vova

    (@gn_themes)

    Hello Cyndi,

    those are regular SVG icons. I’m not sure they could reduce your site’s security.

    Could you provide more details from WordFence?

    Hi,

    I got the same warnings today. Below is the full warning. It is the same for each svg file:

    Filename: wp-content/plugins/shortcodes-ultimate/admin/images/shortcodes/dummy_image.svg
    File Type: Not a core, theme or plugin file.
    Issue First Detected: 3 hours 32 mins ago.
    Severity: Critical
    Status New

    This file appears to be installed by a hacker to perform malicious activity. If you know about this file you can choose to ignore it to exclude it from future scans. The text we found in this file that matches a known malicious file is: “32.001.167.003.167.006.167.007.165.009.166.012.164.014.164.015.164.018.163.02.162.021.162.024.161.026.16.027.16.03.159.031.158.034.157.035.157.037.156.04.156.041.154.043.154.044.153.047.152.048.152.05…”. The infection type is: suspicious_code:text/ip_addresses. This file was detected because you have enabled “Scan images, binary, and other files as if they were executable”, which treats non-PHP files as if they were PHP code. This option is more aggressive than the usual scans, and may cause false positives.

    Are these icons that Cyndi listed part of your files? Can I delete them? If I delete them will Shortcodes Ultimate continue to work and appear correctly in WordPress or will this break part of the interface I see when using your plugin?

    Thanks,
    Daphne

    Plugin Author Vova

    (@gn_themes)

    Hi Daphne,

    thank you for the additional information.

    I confirm that these files (regular SVG icons) are part of my plugin. You can see them by navigating to Dashboard – Shortcodes – Available Shortcodes page.

    The large numbers are just coordinates of the SVG images.
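Why a dotted-quad signature can fire on these icons, shown as an added example that is not part of the thread and is not Wordfence's or the plugin's code: in SVG path data a second "." starts a new number, so minified coordinates read like IP addresses. The `LOOSE_IP` pattern, the function names and the sample SVG are assumptions constructed for illustration.

```python
import re

# Loose dotted-quad pattern of the kind a signature scanner might apply
# (an assumption for illustration, not Wordfence's actual rule).
LOOSE_IP = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")
# One number in SVG path data. A second "." starts a new number, so a minified
# path can read "32.001.167.003" and mean the coordinates 32.001, .167, .003.
SVG_NUM = re.compile(r"[+-]?(?:\d+\.\d*|\.\d+|\d+)(?:[eE][+-]?\d+)?")
# Value of a d="..." attribute (path data), single or double quoted.
PATH_D = re.compile(r"""(?<![\w-])d\s*=\s*(["'])(.*?)\1""", re.S)

def is_strict_ipv4(s):
    """True only for a canonical IPv4 literal: 4 octets, <= 255, no leading zeros."""
    parts = s.split(".")
    return len(parts) == 4 and all(
        p.isdigit() and str(int(p)) == p and int(p) <= 255 for p in parts)

def triage(svg_text):
    """Classify every loose dotted-quad hit in an SVG flagged by the scanner."""
    all_hits = LOOSE_IP.findall(svg_text)
    path_hits = [h for _, d in PATH_D.findall(svg_text)
                 for h in LOOSE_IP.findall(d)]
    return {
        "hits": len(all_hits),
        # hits that are NOT explained by path coordinates need a human look
        "outside_path_data": len(all_hits) - len(path_hits),
        # hits that really are well-formed addresses, wherever they sit
        "strict_ipv4": [h for h in all_hits if is_strict_ipv4(h)],
    }

# Constructed sample: a minified path whose coordinates begin like the text
# quoted in the alert. It is not the plugin's real dummy_image.svg.
SAMPLE = ('<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 64 64">'
          '<path d="M32.001.167.003.167.006.167.007.165.009.166z"/></svg>')

if __name__ == "__main__":
    d = PATH_D.search(SAMPLE).group(2)
    print(SVG_NUM.findall(d))   # the flagged digits, read as path coordinates
    print(triage(SAMPLE))       # every hit sits in path data, none is a valid IP
```

A file where `outside_path_data` is non-zero or `strict_ipv4` is non-empty is one the coordinate explanation does not fully cover and is worth reading by hand.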

    Thread Starter Cyndi

    (@cynderella)

    I’ll write to WordFence to let them know; both of you should too. Thank you for letting us know, Vladimir.

    Hi Vlad,

    I’ve also written to them on their forum and will post the same message on their Facebook page if possible.

    Mail received from WF stating:

    Alert generated at Friday 6th of October 2017 at 04:50:04 AM
    Critical Problems:
    * File appears to be malicious: wp-content/plugins/shortcodes-ultimate/admin/images/shortcodes/dummy_image.svg
    * File appears to be malicious: wp-content/plugins/shortcodes-ultimate/admin/images/shortcodes/gmap.svg

    The plugin owner states that these are genuine files.

    Whilst I place full trust in Wordfence, I would like to be sure that I am not deleting important files via the WF scan fix/delete button.

    Please clarify this warning is not a false positive.

    Kind regards,

    Martin

    PS: during further research and reading I came across this post on Pluginvulnerabilities:

    https://www.pluginvulnerabilities.com/2017/09/26/wordfence-falsely-claims-current-version-of-removed-plugin-contains-vulnerability-that-was-fixed-over-six-years-ago/?pk_campaign=AdWordsSearch&pk_kwd=wordfence

  • The topic ‘WordFence warning’ is closed to new replies.