If you can edit the URL, could you remove it (from this forum)? We will have a look.
Which malware scan did you use?
This is a false positive: The version of the included MPDF library is 8.1, there is no known vulnerability in the latest MPDF version.
Sorry yes, Ive removed it. My security guy has said it’s a compromise, I’m having him clean the site now.
This is a false positive: The version of the included MPDF library is 8.1, there is no known issue in the latest MPDF version.
Could you also explain which malware scan flagged this? We ran some tests, and checked the library, but no known issues and everything is updated.
It’s the Anti-Malware from GOTMLS.NET security plugin, it’s caught threats (legit ones) before that Wordfence/securi and the others have missed.
He said this plugin ‘has had several breaches and leaks over the last few weeks’.
I did notice traffic with the Complianz tag on my analytics pertaining to the cookie consent option, which I haven’t seen before, so something could be wrong?
We just did a scan on Complianz with this same tool, and didn’t find any issues.
Can you try replacing the Complianz plugin with a fresh install from the wordpress repository, then running the scan again?
Possibly the plugin has been affected by another weakness on your site. Replacing the plugin with a clean version should resolve the issue then.
There’s only a string in this file. Don’t see how this could be a vulnerability.
If your security guy can be a bit more specific, we can look into that.
Ok thanks for the feedback
Closing this for now, as we can’t find any issues at the moment. If there is an actual issue, please don’t post it on a public forum, but report it here: