Suspicious function found | ww.wp.xz.cn

Resolved vraisa
(@vraisa)

7 months, 2 weeks ago
We’ve detected some suspicious code in this plugin file from the Official WP repository at https://wp.org/plugins/simply-static-pro and the flagged code is highlighted in red. We recommend contacting the plugin developer for clarification, as warnings can sometimes be false positives. If found as a false positive, please reach out to our support.

version: 14.15.5
file: class-ssp-shortpixel.php
line: 784
if ( @copy( $file, $file_path ) ) {
- The @ symbol suppresses PHP errors, which is often considered bad practice because it can hide potential issues.
- Security scanners often flag @copy() (and similar functions like eval(), base64_decode(), exec(), etc.) since they are sometimes abused in malware to copy or move malicious files.

Viewing 1 replies (of 1 total)

Plugin Author patrickposner
(@patrickposner)

7 months, 2 weeks ago

Hey @vraisa,

thanks for heads-up!

Happy to get that removed in the next update – we had it to support some PHP 7.2 environments, but since we upped the minimum version to 7.4 a while ago, it’s no longer needed.

Should be gone with the next update!

Cheers,
Patrick

Viewing 1 replies (of 1 total)

The topic ‘Suspicious function found’ is closed to new replies.

1 reply
2 participants
Last reply from: patrickposner
Last activity: 7 months, 2 weeks ago
Status: resolved