sorry not getting this issue; are you using the latest EM version ?
Thread Starter
eqjosh
(@eqjosh)
Yes.
Vaultpress scans files in wordpress and issues security warnings about potentially dangerous code. They’ve issues a warning about the code above.
I think this is a simplistic warning that doesn’t make a lot of sense – the code referred to by the error is only run if the user is logged in to the WordPress admin area, by which time they’ve already been through the standard WordPress security checks.
The code isn’t run on the front-end of the site.
Thread Starter
eqjosh
(@eqjosh)
I checked w/ Vaultpress and they agree with you, it’s a “false positive” — and I was told to mark this “ignore” — for anyone else getting this warning, below is the note.
🙂
– J
---------- Forwarded message ----------
From: Mikey Arce <[email protected]>
Date: Tue, Jun 17, 2014 at 7:56 AM
Subject: Re: I need help with a security threat. premium
> Is this code a serious problem, or maybe a false-positive? I asked on the
> plugin's support forum,
> http://ww.wp.xz.cn/support/topic/security-issue-w-em-actionsphp, met
> with uncertainty...
Hi Josh,
I looked at this code again with another developer and in this case, the security threats that we reported from the events manager plugin are indeed false-positives. You can go ahead and click on the "Ignore Threat" button your Security page here:
https://dashboard.vaultpress.com/1785/security/
hello,
can you contact us at [email protected] and include additional links and details please?
thanks
I don’t think there’s a need to contact us in this case, ignore the above. We’re liasing with jetpack already to see if there’s something that can be done to prevent this.
