Exploit discovered by VaultPress security

  • Resolved spaceball1

    (@spaceball1)


    6 years, 11 months ago

    Hi,

    Vaultpress security has discovered an exploit in /wp-content/plugins/wp-rss-aggregator/src/Modules/ImagesModule.php. Is this something I should be concerned about?

    Thanks,
    Daniel

    The page I need help with: [log in to see the link]

Viewing 5 replies - 1 through 5 (of 5 total)
  • Plugin Contributor Miguel Muscat

    (@mekku)

    6 years, 11 months ago

    Hi @spaceball1.

    Given the purpose of the code in that file it’s likely that the discovered exploit is false positive. Does VaultPress provide any additional information about what it considered to be an exploit?

    hcarrier

    (@hcarrier)

    6 years, 11 months ago

    I got the same message. VaultPress says, “Our security scanners detected the following possible security issues. We recommend that you review the affected files.

    PHP.Generic.BadPattern.5

    This code pattern is often used to run a very dangerous shell programs on your server. The code in these files needs to be reviewed, and possibly cleaned.”

    Plugin Contributor Miguel Muscat

    (@mekku)

    6 years, 11 months ago

    @hcarrier Hey, just letting you know that we’ve found what’s causing the security alert. It was indeed a false positive, so we can safely assure you that it’s harmless. We’ll still be working on changing the affected code. The next update of plugin should resolve these security alerts.

    hcarrier

    (@hcarrier)

    6 years, 11 months ago

    Thanks, Miguel. Do you have a sense of when the update will be available?

    Thread Starter spaceball1

    (@spaceball1)

    6 years, 10 months ago

    @mekku Thanks very much. Keep us posted please.

    • This reply was modified 6 years, 10 months ago by spaceball1.
Viewing 5 replies - 1 through 5 (of 5 total)

The topic ‘Exploit discovered by VaultPress security’ is closed to new replies.