Title: Possible Exploit in code Last modified: January 2, 2018 --- # Possible Exploit in code * Resolved [borpin2](https://wordpress.org/support/users/borpin2/) * (@borpin2) * [8 years, 4 months ago](https://wordpress.org/support/topic/possible-exploit-in-code/) * This plugin has been identified by my webhost as having a possible exploit. * Critical! – Directory Access Disabled – Jan 2 15:22:44 beryllium [‘/home/borpinco/ tech.borpin.co.uk/wp-content/plugins/pastacode/pastacode.php’] – Known exploit = [Fingerprint Match] [RFI Exploit [P1419]] * Can this be investigated please. Viewing 3 replies - 1 through 3 (of 3 total) * Moderator [Steven Stern (sterndata)](https://wordpress.org/support/users/sterndata/) * (@sterndata) * Volunteer Forum Moderator * [8 years, 4 months ago](https://wordpress.org/support/topic/possible-exploit-in-code/#post-9828490) * I don’t see anything. It may be that your site has been hacked or it’s a false positive. * So, first, delete the plugin from your site and reinstall, then ask the host to check it again. If they say it has a problem, please ask them to identify the specific issue if they can. * If there’s no longer an issue, then….. well, you may have been hacked. If so, post something in the “fixing wordpress” area and we’ll deal with it. * Thread Starter [borpin2](https://wordpress.org/support/users/borpin2/) * (@borpin2) * [8 years, 4 months ago](https://wordpress.org/support/topic/possible-exploit-in-code/#post-9830777) * So I have uninstalled and reinstalled the plugin and I immediately got a warning from my host * Critical! – Directory Access Disabled – wp-content/plugins/pastacode/pastacode. php – [‘wp-content/plugins/pastacode/pastacode.php’] – Known exploit = [Fingerprint Match] [RFI Exploit [P1419]] * Googling the code suggests it is a remote file exploit. * I’m not actually using it so I will remove it, but I thought you should be aware. I have flagged it with my host as a possible false positive. * Plugin Author [Willy Bahuaud](https://wordpress.org/support/users/willybahuaud/) * (@willybahuaud) * [8 years, 4 months ago](https://wordpress.org/support/topic/possible-exploit-in-code/#post-9895666) * Hello, * Thanks you to flagged it as false positive. Maybe your host disallow php script to get remote code from website like GitHub…? * Pastacode can retrieve remote code (to display it on your posts) but prevent any execution (all data are escaped before save/display). * Have a nice day! Viewing 3 replies - 1 through 3 (of 3 total) The topic ‘Possible Exploit in code’ is closed to new replies. * ![](https://ps.w.org/pastacode/assets/icon-256x256.png?rev=2819151) * [Pastacode](https://wordpress.org/plugins/pastacode/) * [Frequently Asked Questions](https://wordpress.org/plugins/pastacode/#faq) * [Support Threads](https://wordpress.org/support/plugin/pastacode/) * [Active Topics](https://wordpress.org/support/plugin/pastacode/active/) * [Unresolved Topics](https://wordpress.org/support/plugin/pastacode/unresolved/) * [Reviews](https://wordpress.org/support/plugin/pastacode/reviews/) * 3 replies * 3 participants * Last reply from: [Willy Bahuaud](https://wordpress.org/support/users/willybahuaud/) * Last activity: [8 years, 4 months ago](https://wordpress.org/support/topic/possible-exploit-in-code/#post-9895666) * Status: resolved