Possible security issue

  • Resolved bssa

    (@bssa)


    9 months, 3 weeks ago

    Hi there, our ecommerce site was compromised yesterday afternoon, someone replaced the index.php file in the root directory with an infected file. After removing it and checking the PHP error logs, I noticed an error referring to your plugin around the time the file was replaced.

    [14-Aug-2025 15:47:10 UTC] PHP Warning: fileperms(): stat failed for /home/REDACTED/public_html/index.php in /home/REDACTED/public_html/wp-content/plugins/woocommerce-pdf-invoices-packing-slips/includes/Compatibility/FileSystem.php on line 84

    Please check if there is a security whole in the FileSystem.php file that would give someone the ability to change file permissions and replace the site’s index.php file. Just bringing this to your attention.

    EDIT: WordPress and all of our other plugins are all up to date. Your plugin is on v4.6.2.

    • This topic was modified 9 months, 3 weeks ago by bssa.
Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Contributor alexmigf

    (@alexmigf)

    9 months, 3 weeks ago

    Hi @bssa

    Thanks for reporting this. That warning appears when PHP tries to read the permissions of index.php to compute a default and the file is missing or unreadable at that moment. Our plugin doesn’t modify or replace index.php, nor does it change permissions on core files. The warning is a symptom, not the cause.

    Hope that clears.

    Thread Starter bssa

    (@bssa)

    9 months, 3 weeks ago

    Thanks @alexmigf for clearing it up, I was not sure what exactly your plugin did with that file.

Viewing 2 replies - 1 through 2 (of 2 total)

The topic ‘Possible security issue’ is closed to new replies.