admin.php labelled dangerous by Defender Pro Plugin

  • Resolved Lin

    (@floristweb)


    7 months, 1 week ago

    I have Version 33.0.16 of PPOM Plugin. My Defender Pro Plugin warned me about the admin.php file inside the woocommerce-product-addon folder because of the line:

    extract( $_REQUEST );

    I have been using PPOM and Defender Pro for years – but this makes me feel awkward. Defender suggests to deactivate PPOM Plugin and delete the admin.php file –

    Please give me some advice: Is the file ok or not? Are you planning on updating it with another method?

    Thank you.

    Lin

Viewing 7 replies - 1 through 7 (of 7 total)
  • Plugin Support rodicaelena

    (@rodicaelena)

    7 months, 1 week ago

    Hi Lin,

    Thank you for writing. Can you please share exactly what is the message shared by Defender Pro?

    Once I have the message I can share this with the development team for review.

    Kind regards,

    Rodica

    Thread Starter Lin

    (@floristweb)

    7 months, 1 week ago

    Hi Rodica,

    Thank you for your quick answer. I will send you a screenshot:

    Does this do it?

    Greetz, Lin

    Plugin Support rodicaelena

    (@rodicaelena)

    7 months, 1 week ago

    Hi Lin,

    Thank you for sharing the screenshot.

    Please don’t worry, it is highly likely that this is a false positive from Defender Pro.

    We have already shared your report with our development team for review. They will investigate the specific context of this file to either confirm it’s safe (a false positive) or to update the code if needed. If there is indeed any update required to address this from a security best practice perspective, we will release a new version of the PPOM plugin.

    We appreciate you being a long-time user and for helping us keep PPOM robust and secure.

    Kind regards,

    Rodica

    Thread Starter Lin

    (@floristweb)

    6 months ago

    Hello PPOM,

    my Defender Plugin still shows the warning, the extract() is still in the code.

    Are there any news from the development? When are you planning to update that code bit? – In case you are not: please explain why I should not be worried.

    Thank you,

    Lin

    Thread Starter Lin

    (@floristweb)

    5 months, 2 weeks ago

    Is there anybody out there?

    Plugin Support rodicaelena

    (@rodicaelena)

    5 months, 1 week ago

    Hi Lin,

    I apologize for the delay. The development team reviewed this, and an update will be released in the following period.

    Thank you for your support!

    Plugin Support rodicaelena

    (@rodicaelena)

    5 months, 1 week ago

    Hi,

    We just released an update which should contain a fix for this too.

    Let us know how this works for you.

Viewing 7 replies - 1 through 7 (of 7 total)

You must be logged in to reply to this topic.