S2Member security issues? | ww.wp.xz.cn

itmonitor
(@itmonitor)

10 years, 8 months ago

Hello,

I have S2Member installed. On running ConfigServer CXS scan, it will point out the following suspicious files on s2member/includes/classes:

auto-eots.inc.php
paypal-notify-in-subscr-or-rp-eots-w-level.inc.php
paypal-notify-in-web-accept-sp.inc.php
paypal-return-in-web-accept-sp.inc.php
user-deletions.inc.php

The CXS scan warns they are a Regular Expression match = Decode regex:7

Please, any advice on how to solve this potential security issue is welcome.

https://ww.wp.xz.cn/plugins/s2member/

Viewing 2 replies - 1 through 2 (of 2 total)

Thread Starter itmonitor
(@itmonitor)

10 years, 3 months ago

Hello, anybody from S2Member can reply to this question?

KTS915
(@kts915)

10 years, 3 months ago

How can a regular expression be a security concern? There are regex patterns throughout WP, and they are often used to make things more secure.

You really need to start by asking the CSX developers what this is supposed to be identifying.

Viewing 2 replies - 1 through 2 (of 2 total)

The topic ‘S2Member security issues?’ is closed to new replies.

2 replies
2 participants
Last reply from: KTS915
Last activity: 10 years, 3 months ago
Status: not resolved