WordPress security plugin warns of “Suspicious eval with base64 decode”

Hello –

I am also receiving the same warning message from Wordfence as of today’s scan.

Would appreciate response on if this should be ignored or deleted. Deactivating plug-in temporarily.

Thank you.

Hi,

Same is here. Same exact from Wordfence:
“File appears to be malicious: wp-content/plugins/newsletter/js/ace/mode-php.js”

Please someone from Newsletter plugin respond.

Thanks

Please, is there any solution to this issue from the Newsletter team?

Hi Guys

I have updated the Newsletter plugin this morning and got the same message from Wordfence around an hour ago.

File appears to be malicious: wp-content/plugins/newsletter/js/ace/mode-php.js

Filename: wp-content/plugins/newsletter/js/ace/mode-php.js
File type: Not a core, theme or plugin file.
Issue first detected: 1 hour 30 mins ago.
Severity: Critical
Status New

This file appears to be installed by a hacker to perform malicious activity. If you know about this file you can choose to ignore it to exclude it from future scans.

The text we found in this file that matches a known malicious file is:
“EvalError|InternalError|RangeError|ReferenceError|StopIteration|SyntaxError|TypeError|URIError|decodeURI|decodeURIComponent|encodeURI|encodeURIComponent|eval|isFinite|isNaN|parseFloat|parseInt|JSON|Ma…”.

The infection type is: Suspicious eval with base64 decode.. This file was detected because you have enabled “Scan images, binary, and other files as if they were executable”, which treats non-PHP files as if they were PHP code. This option is more aggressive than the usual scans, and may cause false positives.

Does anyone have a solution for this problem?

This is being reported AGAIN with today’s update.