backdoor identified in your plugin | ww.wp.xz.cn

horsee
(@horsee)

2 years, 5 months ago

Hello,

can you please comment – i have found by the security plugin Security Ninja that your plugin code contains a backdoor:

wp-content/plugins/ajax-login-and-registration-modal-popup-pro/free/vendor/max-kk/wp-notice-lib/class-admin-dismissible-notice.php

// if ( $_GET['hash'] !== md5($_GET['key'] . NONCE_SALT . $_GET['save_to']) ) {

Line: 52

md5($_GET[

#Backdoor

Located here: /home/u188246671/domains/hobbyhorseslovakia.com/public_html/wp-content/plugins/ajax-login-and-registration-modal-popup-pro/free/vendor/max-kk/wp-notice-lib/class-admin-dismissible-notice.php

Can you please kindly comment on this finings?

Viewing 2 replies - 1 through 2 (of 2 total)

Plugin Author Max K
(@kaminskym)

2 years, 5 months ago
Hey,

As you can see:
1. This code has been commented for many years
2. There is nothing related to the Backdoor, it’s only checking that the Admin notice hash is correct while dismissing the admin notice:
// // Verify that data was not changed
// if ( $_GET['hash'] !== md5($_GET['key'] . NONCE_SALT . $_GET['save_to']) ) {
// wp_send_json_error();
// }

You can always upload it to the Virus Total, if you have any doubts.
- This reply was modified 2 years, 5 months ago by Max K.
Thread Starter horsee
(@horsee)

2 years, 5 months ago

can you just remove it from the code if you commented it? Just to avoid the confusion a positive detections from the security plugins?

Viewing 2 replies - 1 through 2 (of 2 total)

The topic ‘backdoor identified in your plugin’ is closed to new replies.

2 replies
2 participants
Last reply from: horsee
Last activity: 2 years, 5 months ago
Status: not resolved