Title: Malware warnings on php code for GDPR framework
Last modified: February 5, 2022

---

# Malware warnings on php code for GDPR framework

 *  Resolved [creativeloves](https://wordpress.org/support/users/creativeloves/)
 * (@creativeloves)
 * [4 years, 4 months ago](https://wordpress.org/support/topic/malware-warnings-on-php-code-for-gdpr-framework/)
 * Hi, I am using GDPR framework by Data 443 and my malware scanner keeps flagging
   these lines of code as dangerous and probable malware. Can anyone give insight
   into this?
 * 1) `protected function passthru($method, array $params)`
 * 2) `exec("mklink /{$mode} ".escapeshellarg($link).' '.escapeshellarg($target));`
 * 3) `assert(class_exists('ParagonIE_Sodium_Compat'), 'Possible filesystem/autoloader bug?');`
   and `assert(class_exists('ParagonIE_Sodium_Compat'))`
 * These are three separate “flags” on the malware scanner. I use Cleantalk for
   antispam and malware scanning, and these lines of code are routinely triggered
   as dangerous with a “99.5%” likelihood of being malware. So, I’m wondering what’s
   up with that?
 * Thanks!

Viewing 6 replies - 1 through 6 (of 6 total)

 *  Plugin Author [Data443 Risk Mitigation, Inc.](https://wordpress.org/support/users/data443/)
 * (@data443)
 * [4 years, 4 months ago](https://wordpress.org/support/topic/malware-warnings-on-php-code-for-gdpr-framework/#post-15337218)
 * Hello,
 * Thanks for bringing this to our attention. This is the first time we’ve heard
   of this issue. We’ll contact Cleantalk to see about resolving this false notification.
 *  [Safronik](https://wordpress.org/support/users/safronik/)
 * (@safronik)
 * [4 years, 3 months ago](https://wordpress.org/support/topic/malware-warnings-on-php-code-for-gdpr-framework/#post-15354670)
 * Hello [@data443](https://wordpress.org/support/users/data443/) [@creativeloves](https://wordpress.org/support/users/creativeloves/)
 * I’m a developer from the CleanTalk team. I wanna share my thoughts about the issue:
 * 1. **protected function passthru($method, array $params)**. Looks like it’s a
   false positive. Your passthru() is a method, not a [native PHP function](https://www.php.net/manual/en/function.passthru.php).
   We’ll tweak the logic. Thank you!
 * 2. **exec("mklink /{$mode} ".escapeshellarg($link).' '.escapeshellarg($target));** –
   it is not safe to use this, because if you made a mistake in sanitizing any of
   these 3 parameters, it will become a security vulnerability. You could use a
   safe alternative for this, like: [link()](https://www.php.net/manual/ru/function.link.php)
   and [symlink()](https://www.php.net/manual/en/function.symlink).
 * 3. **assert(class_exists('ParagonIE_Sodium_Compat'))** – as the [documentation](https://www.php.net/manual/en/function.assert.php)
   says, the assertions should not be used for normal runtime operations like input
   parameter checks. Only for debugging.
    -  This reply was modified 4 years, 3 months ago by [Safronik](https://wordpress.org/support/users/safronik/).
      Reason: spelling
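
One way a scanner could separate a method named `passthru` from a call to the native function, using PHP's tokenizer. This is an added example, not CleanTalk's code or part of the thread; `find_native_calls()`, `RISKY_NATIVE` and the sample source are assumptions, and it needs PHP 7.4 or later.

```php
<?php
declare(strict_types=1);
// Short demo list of native PHP functions that execute commands.
const RISKY_NATIVE = ['passthru', 'exec', 'system', 'shell_exec'];

/** Returns [line, name] for every call to a risky native function. */
function find_native_calls(string $source): array
{
    // Drop whitespace and comments so "previous" and "next" are meaningful.
    $skip = [T_WHITESPACE, T_COMMENT, T_DOC_COMMENT];
    $tokens = array_values(array_filter(
        token_get_all($source),
        fn($t) => !is_array($t) || !in_array($t[0], $skip, true)
    ));
    // A name that follows one of these is a declaration or a member access.
    $notNative = [T_FUNCTION, T_OBJECT_OPERATOR, T_DOUBLE_COLON, T_NEW];
    $nameTokens = [T_STRING];
    if (PHP_VERSION_ID >= 80000) {
        $notNative[] = T_NULLSAFE_OBJECT_OPERATOR; // $obj?->passthru()
        $nameTokens[] = T_NAME_FULLY_QUALIFIED;    // \exec(...)
    }
    $hits = [];
    foreach ($tokens as $i => $tok) {
        if (!is_array($tok) || !in_array($tok[0], $nameTokens, true)) {
            continue;
        }
        $name = ltrim(strtolower($tok[1]), '\\');
        $prev = $tokens[$i - 1] ?? null;
        $hasParen = ($tokens[$i + 1] ?? null) === '(';
        $declOrMember = is_array($prev) && in_array($prev[0], $notNative, true);
        if ($hasParen && !$declOrMember && in_array($name, RISKY_NATIVE, true)) {
            $hits[] = [$tok[2], $name];
        }
    }
    return $hits;
}

// Constructed sample: a method named passthru() plus one native call.
$sample = <<<'PHP'
<?php
class Gateway {
    protected function passthru($method, array $params) { return $params; }
    public function run() { return $this->passthru('get', []); }
}
passthru('uptime');
PHP;
foreach (find_native_calls($sample) as [$line, $name]) {
    echo "line {$line}: call to native {$name}()\n";
}
```

Only the bare call on the last line of the sample is reported; the method declaration and the `$this->passthru()` call are skipped because of the token that precedes the name.
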
 *  Plugin Author [Data443 Risk Mitigation, Inc.](https://wordpress.org/support/users/data443/)
 * (@data443)
 * [4 years, 3 months ago](https://wordpress.org/support/topic/malware-warnings-on-php-code-for-gdpr-framework/#post-15372139)
 * Hi [@creativeloves](https://wordpress.org/support/users/creativeloves/) [@safronik](https://wordpress.org/support/users/safronik/),
 * We have scrubbed the plugin and would like to provide it to you to test before we
   release it publicly. Can you provide your email or send us an email at support@data443.com
   so we can connect? Thank you!
 *  Thread Starter [creativeloves](https://wordpress.org/support/users/creativeloves/)
 * (@creativeloves)
 * [4 years, 3 months ago](https://wordpress.org/support/topic/malware-warnings-on-php-code-for-gdpr-framework/#post-15376351)
 * Thank you both [@data443](https://wordpress.org/support/users/data443/) and [@safronik](https://wordpress.org/support/users/safronik/)
   for addressing this issue! I am still getting flags every day. I have been sent
   a new version of the GDPR framework plugin to test and that is my next step, 
   but before I go download that and apply it I have a quick question for Data443.
   Has this new version been scrubbed of said security risks, such as resolving 
   this?
 * “2. exec("mklink /{$mode} ".escapeshellarg($link).' '.escapeshellarg($target)); –
   it is not safe to use this, because if you made a mistake in sanitizing any of these
   3 parameters, it will become a security vulnerability. You could use a safe alternative
   for this, like: link() and symlink().”
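
The shell-free alternative suggested in the reply quoted above, shown beside the flagged pattern. This is an added example, not part of the thread or the plugin's code: `make_link_via_shell()` and `make_link()` are hypothetical names, and the demo paths are constructed.

```php
<?php
declare(strict_types=1);

// Flagged pattern from the thread: the link is created through a shell.
// $link and $target are escaped, but $mode is interpolated unescaped.
function make_link_via_shell(string $target, string $link, string $mode): void
{
    exec("mklink /{$mode} " . escapeshellarg($link) . ' ' . escapeshellarg($target));
}

// Shell-free version (hypothetical helper). Checks throw exceptions rather
// than use assert(), which zend.assertions can turn off in production.
function make_link(string $target, string $link): void
{
    foreach ([$target, $link] as $path) {
        if ($path === '' || strpos($path, "\0") !== false) {
            throw new InvalidArgumentException('Empty path or NUL byte in path');
        }
    }
    if (!file_exists($target)) {
        throw new RuntimeException("Target does not exist: {$target}");
    }
    if (file_exists($link) || is_link($link)) {
        throw new RuntimeException("Refusing to overwrite: {$link}");
    }
    // Hard link for a file, symbolic link for a directory; no command line.
    $ok = is_dir($target) ? @symlink($target, $link) : @link($target, $link);
    if (!$ok) {
        $msg = error_get_last()['message'] ?? 'unknown error';
        throw new RuntimeException("Link creation failed: {$msg}");
    }
}

// Constructed demo in a temporary directory.
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'linkdemo_' . bin2hex(random_bytes(4));
mkdir($dir);
$target = $dir . DIRECTORY_SEPARATOR . 'data.txt';
file_put_contents($target, "hello\n");

// Shell metacharacters in the name are ordinary file-name characters here.
$link = $dir . DIRECTORY_SEPARATOR . 'a & b; $(x).txt';
make_link($target, $link);
echo file_get_contents($link);

try {
    make_link($target, $link); // the link already exists
} catch (RuntimeException $e) {
    echo $e->getMessage(), PHP_EOL;
}
```
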
 *  Plugin Author [Data443 Risk Mitigation, Inc.](https://wordpress.org/support/users/data443/)
 * (@data443)
 * [4 years, 3 months ago](https://wordpress.org/support/topic/malware-warnings-on-php-code-for-gdpr-framework/#post-15411262)
 * The new version we sent you has been scrubbed of the security risks you encountered.
 * After reviewing the original problem we’ve traced the vulnerable code to a set
   of third-party scripts tied to an early commit. We have removed said third-party
   scripts in version 2.0.0 in order to remediate the vulnerability, and have already
   taken steps to ensure future contributions are properly vetted.
    -  This reply was modified 4 years, 3 months ago by [Data443 Risk Mitigation, Inc.](https://wordpress.org/support/users/data443/).
 *  Plugin Author [Data443 Risk Mitigation, Inc.](https://wordpress.org/support/users/data443/)
 * (@data443)
 * [4 years, 3 months ago](https://wordpress.org/support/topic/malware-warnings-on-php-code-for-gdpr-framework/#post-15423740)
 * The latest version has been released.


The topic ‘Malware warnings on php code for GDPR framework’ is closed to new replies.
