Knowledge Base support case for AllWebMenus, abstracted and stripped of all user’s private info.


Initial Email From: John
Initial Email Subject: Joomla 2.5 component and AllWebMenus are not compatible
Support Case Month: February 2012

Here is another problem I found which has to do with WordPress.
Due to the number of sites that get hacked because of plugins written that allow echo in the PHP code, which will allow a hacker to gain access through a PHP weakness, I always recommend wp-security to people. The problem is, as you can see in this screenshot, that AllWebMenus shows that it has a major weakness in the PHP script which could allow a hacker to hack the site.

[Screenshot: wordpress security]

Reply From: Likno Customer Support

Dear John,

I tried installing the “wp-security” and checking our plugin, but I was not able to do so. It seems that the plugin I got does not check other plugins.

Can you give me more info on (or a URL where I can get) this plugin? Is it the “WP Security Scan” aka “WSD security” or are you referring to some other plugin?

Still, I see from the screenshot that the problem found was the “eval” statements. I do not see how the specific eval statements that we have could be used as a security hole, and I have a feeling that the plugin just triggers an alert on the occurrence of the word “eval” regardless of how it is used. In this case, I would call this a “false-positive”.

In any case, if you give me more info I will be able to further investigate this issue.

Regards,
Kostas
Likno Customer Support
www.likno.com
Create any type of javascript menu (CSS menu, drop-down menu, sliding menu), button, html tree, modal window, tooltip, accordion, tab, scroller, jQuery slider or design for your websites!
Like us on Facebook – Follow us on Twitter

Reply From: John

Here is the plugin I am using:

http://wordpress.org/extend/plugins/wp-plugin-security-check/

Reply From: Likno Customer Support

Hello again,

I downloaded and checked this plugin and indeed it generates a warning on all our plugins because they use the “eval” function. This is in no way dangerous or a security threat if you use it correctly. The “security check plugin”, however, is extremely simplistic and the warning is triggered simply by the existence of the text “eval(”.

I am afraid that we cannot do anything to avoid the warning, but I can assure you that it is a “false positive” and is in no way a threat to your security.

Regards,
Kostas
Likno Customer Support
www.likno.com
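
The difference between matching the text “eval(” and looking at how eval is actually called, as an added example that is not part of the original thread and is not code from AllWebMenus or from the security-check plugin. The PHP snippets are constructed, the function names are hypothetical, and the triage is a heuristic for prioritising manual review, not proof that a given eval call is safe.

```python
import re

# Constructed PHP snippets for illustration (not taken from any real plugin).
SAMPLES = {
    "comment_only.php": "<?php\n// never call eval( on user data\necho 'hi';\n",
    "string_only.php": "<?php\n$msg = 'eval(...) is disabled';\n",
    "constant_arg.php": "<?php\neval('return 1 + 1;');\n",
    "variable_arg.php": "<?php\neval($menu_code);\n",
    "request_arg.php": "<?php\neval($_POST['code']);\n",
}

# PHP comments and quoted strings, matched so they can be blanked before searching.
NON_CODE = re.compile(r"""
    /\*.*?\*/            |   # block comment
    (?://|\#)[^\n]*      |   # line comment
    '(?:\\.|[^'\\])*'    |   # single-quoted string
    "(?:\\.|[^"\\])*"        # double-quoted string
""", re.S | re.X)
# eval as a language construct, not my_eval(), $eval(), ->eval() or ::eval().
EVAL_CALL = re.compile(r"(?<![\w$>:])eval\s*\(([^;]*)\)\s*;", re.I)
# Request-controlled superglobals appearing directly in the argument.
TAINT = re.compile(r"\$_(GET|POST|REQUEST|COOKIE|SERVER|FILES)\b")

def _blank(m):
    text = m.group(0)
    # Keep double-quoted strings that interpolate variables: they carry live data.
    if text.startswith('"') and "$" in text:
        return text
    return '""' if text[0] in "'\"" else " "

def naive_scan(src):
    """The behaviour described in the thread: flag any occurrence of 'eval('."""
    return "eval(" in src

def triage(src):
    """Return 'clean', 'review' or 'high' for one PHP source string."""
    code = NON_CODE.sub(_blank, src)
    args = EVAL_CALL.findall(code)
    if not args:
        return "clean"      # the text only appeared in a comment or string
    if any(TAINT.search(a) for a in args):
        return "high"       # request input reaches eval directly
    return "review"         # real call; a person must trace where the argument comes from

if __name__ == "__main__":
    for name, src in SAMPLES.items():
        print(f"{name:18} naive={naive_scan(src)!s:5} triage={triage(src)}")
```

The text match flags all five files alike, while the triage separates mentions in comments and strings from real calls and ranks the call fed by request data highest; a "review" result still requires reading the code to see where the argument originates.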

 
