Malware or False Positive? | WordPress.org

Hi @dcart87,

If you can edit the URL, could you remove it (from this forum)? We will have a look.

Which malware scan did you use?

regards Aert

This is a false positive: The version of the included MPDF library is 8.1, there is no known vulnerability in the latest MPDF version.

Sorry yes, Ive removed it. My security guy has said it’s a compromise, I’m having him clean the site now.

This is a false positive: The version of the included MPDF library is 8.1, there is no known issue in the latest MPDF version.

Hi @dcart87,

Could you also explain which malware scan flagged this? We ran some tests, and checked the library, but no known issues and everything is updated.

regards Aert

It’s the Anti-Malware from GOTMLS.NET security plugin, it’s caught threats (legit ones) before that Wordfence/securi and the others have missed.

He said this plugin ‘has had several breaches and leaks over the last few weeks’.

I did notice traffic with the Complianz tag on my analytics pertaining to the cookie consent option, which I haven’t seen before, so something could be wrong?

We just did a scan on Complianz with this same tool, and didn’t find any issues.

Can you try replacing the Complianz plugin with a fresh install from the wordpress repository, then running the scan again?

Possibly the plugin has been affected by another weakness on your site. Replacing the plugin with a clean version should resolve the issue then.

Please check this file:
https://github.com/Really-Simple-Plugins/complianz-gdpr/blob/master/assets/vendor/mpdf/mpdf/data/patterns/sv.php

There’s only a string in this file. Don’t see how this could be a vulnerability.

If your security guy can be a bit more specific, we can look into that.

Ok thanks for the feedback

Closing this for now, as we can’t find any issues at the moment. If there is an actual issue, please don’t post it on a public forum, but report it here:

https://developer.projectdmc.org/plugins/wordpress-org/plugin-security/reporting-plugin-security-issues/

 

This site will teach you how to build a WordPress website for beginners. We will cover everything from installing WordPress to adding pages, posts, and images to your site. You will learn how to customize your site with themes and plugins, as well as how to market your site online.

Your Advertisement Here