Potential threat in code? | ww.wp.xz.cn

Resolved catmaniax
(@catmaniax)

9 years, 6 months ago

Hello.

Recently, I installed and ran Anti-Malware Security and Brute-Force Firewall (https://ww.wp.xz.cn/plugins/gotmls/) and it found a potential threat in your plugin.

Here’s a screenshot (the blue highlighted part):
https://s21.postimg.org/4ya6gyfuv/threat.png

Please let me know if it’s a false positive or should I remove that line.
Thank you.

Viewing 4 replies - 1 through 4 (of 4 total)

Eli
(@scheeeli)

9 years, 6 months ago

I have added this exception to my definitions updates so that this plugin should not be identified as a threat any more.

I agree that this code is not intended to be used maliciously in this plugin, it is only used to promote the authors website. However, you and the author should know that many hackers used this same example code to promote their malicious sites and execute XSS scripts on unsuspecting admins. Personally, I think the author should change the name of the admin notice function, if only to avoid conflicting with the same code from any other amateur programmer that copied the this example code and also didn’t change the function name.

Thread Starter catmaniax
(@catmaniax)

9 years, 6 months ago

Thanks for your input, I appreciate it.

Plugin Author WP SITES
(@wordpresssites)

9 years, 6 months ago

Thanks Eli. Changed the function name for the admin notice.

Plugin Author WP SITES
(@wordpresssites)

9 years, 6 months ago

Resolved

Viewing 4 replies - 1 through 4 (of 4 total)

The topic ‘Potential threat in code?’ is closed to new replies.

4 replies
3 participants
Last reply from: WP SITES
Last activity: 9 years, 6 months ago
Status: resolved