Title: VaultPress reports malicious code
Last modified: September 1, 2016

---

# VaultPress reports malicious code

 *  Resolved [David Sharpe](https://wordpress.org/support/users/davesharpedotcom/)
 * (@davesharpedotcom)
 * [9 years, 10 months ago](https://wordpress.org/support/topic/vaultpress-reports-malicious-code/)
 * Hi,
 * I received a notice from VaultPress that the Constant Contact plugin contained
   malicious code. I checked the installed plugin against the version in the repository
   and they are the same so it doesn’t appear that my site is infected.
 * Here’s the response I received from VaultPress tech support.
 * > It’s tough to say here. The code that’s triggering the alerts is fairly suspicious,
   > but it could be a case of bad coding as well. Looking at our overall logs we’re
   > seeing that same plugin triggering alerts elsewhere, so it’s not an intrusion
   > into your site itself. But the fact that there are multiple issues within the
   > same plugin is troubling, and it’s leaving your site vulnerable.
   > If you’re using the plugin, then you could ignore the threat, but you might
   > also get in touch with the plugin creator to see if they can make modifications.
   > If you’re not actively using the plugin we’d recommend removing it. Or looking
   > for an alternative plugin.
 * Is this anything to be concerned about or is it a false positive? I’m using the
   latest version of the plugin.
 * Thanks for your help.
 * [https://wordpress.org/plugins/constant-contact-api/](https://wordpress.org/plugins/constant-contact-api/)

Viewing 3 replies - 1 through 3 (of 3 total)

 *  Plugin Author [Zack Katz](https://wordpress.org/support/users/katzwebdesign/)
 * (@katzwebdesign)
 * [9 years, 9 months ago](https://wordpress.org/support/topic/vaultpress-reports-malicious-code/#post-8175496)
 * [@davesharpedotcom](https://wordpress.org/support/users/davesharpedotcom/) Without
   more information about what the issue is, I’m not able to say whether it’s a 
   false positive or not. Please email me details of the security warnings to [zack@katz.co](https://wordpress.org/support/topic/vaultpress-reports-malicious-code/zack@katz.co?output_format=md)
   and I will be able to say.
 * Thanks!
 *  Thread Starter [David Sharpe](https://wordpress.org/support/users/davesharpedotcom/)
 * (@davesharpedotcom)
 * [9 years, 9 months ago](https://wordpress.org/support/topic/vaultpress-reports-malicious-code/#post-8178148)
 * Just sent you an email with the details from VaultPress.
 *  Plugin Author [Zack Katz](https://wordpress.org/support/users/katzwebdesign/)
 * (@katzwebdesign)
 * [9 years, 9 months ago](https://wordpress.org/support/topic/vaultpress-reports-malicious-code/#post-8178245)
 * Thanks for the info. That’s not malicious, and it’s part of Guzzle, a heavily
   used open source library. [Read more about Guzzle](http://docs.guzzlephp.org/).

Viewing 3 replies - 1 through 3 (of 3 total)

The topic ‘VaultPress reports malicious code’ is closed to new replies.

 * ![](https://s.w.org/plugins/geopattern-icon/constant-contact-api_f6e5e6.svg)
 * [Constant Contact for WordPress](https://wordpress.org/plugins/constant-contact-api/)
 * [Frequently Asked Questions](https://wordpress.org/plugins/constant-contact-api/#faq)
 * [Support Threads](https://wordpress.org/support/plugin/constant-contact-api/)
 * [Active Topics](https://wordpress.org/support/plugin/constant-contact-api/active/)
 * [Unresolved Topics](https://wordpress.org/support/plugin/constant-contact-api/unresolved/)
 * [Reviews](https://wordpress.org/support/plugin/constant-contact-api/reviews/)

 * 3 replies
 * 2 participants
 * Last reply from: [Zack Katz](https://wordpress.org/support/users/katzwebdesign/)
 * Last activity: [9 years, 9 months ago](https://wordpress.org/support/topic/vaultpress-reports-malicious-code/#post-8178245)
 * Status: resolved