Knowledge Base support case for AllWebMenus, abstracted and stripped of all user’s private info.

Support Case Month: March 2012

Initial Email From: John

Here is a problem I found which has to do with WordPress. 

Due to the number of sites that get hacked because of plugins written that allow echo in the PHP code, which will allow a hacker to gain access through a PHP weakness, I always recommend wp-security to people.

The problem is, as you can see in this screenshot, that AllWebMenus shows that it has a major weakness in the PHP script which could allow a hacker to hack the site.

[Screenshot: wordpress menu plugin]

Thank-You,

John

Reply From: Likno Customer Support

Dear John,

I tried installing the “wp-security” and checking our plugin, but I was not able to do so. It seems that the plugin I got does not check other plugins.

Can you give me more info on (or a URL where I can get) this plugin? Is it the “WP Security Scan” aka “WSD security” or are you referring to some other plugin?

Still, I see from the screenshot that the problem found was the “eval” statements. I do not see how the specific eval statements that we have could be used as a security hole, and I have a feeling that the plugin just triggers an alert on the occurrence of the word “eval” regardless of how it is used. In this case, I would call this a “false-positive”.

In any case, if you give me more info I will be able to further investigate this issue.

Best Regards,
Kostas
Likno Customer Support
www.likno.com
Create any type of javascript menu (CSS menu, drop-down menu, sliding menu), button, html tree, modal window, tooltip, accordion, tab, scroller, jQuery slider) or design for your websites!

Reply From: John

Here is the plugin I am using:
http://wordpress.org/extend/plugins/wp-plugin-security-check/

WP Plugin Security Check

WP Plugin Security Check checks if your WordPress plugins are 'safe'.

Version 0.4 | By Luc De Brouwer | Visit plugin site

Thank-You,

John Boone

Reply From: Likno Customer Support

Hello again,

I downloaded and checked this plugin and indeed it generates a warning on all our plugins because they use the “eval” function. This is in no way dangerous or a security threat if you use it correctly. The “security check plugin” however is extremely simplistic and the warning is triggered simply by the existence of the text “eval(”.

I am afraid that we cannot do anything to avoid the warning, but I can assure you that it is a “false positive” and is in no way a threat for your security. So, you can use our WordPress menus without any worries.

Regards,
Kostas
Likno Customer Support
www.likno.com
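
The limitation discussed in this thread, as an added example that is not part of the original correspondence and not code from either plugin: a substring test for `eval(` flags every file below, while a pass that ignores comments and strings and inspects the call's argument separates them for review. The PHP fragments, function names and category labels are constructed for illustration; heredocs and backtick strings are not handled.

```python
import re

# Constructed PHP fragments (not from AllWebMenus or any real plugin).
SAMPLES = {
    "comment.php": "<?php\n// do not use eval() here\n$x = 1;\n",
    "lookalike.php": "<?php\n$row = retrieval($id);\n",
    "literal.php": "<?php\neval('return 1 + 1;');\n",
    "dynamic.php": "<?php\n$code = build();\neval($code);\n",
    "request.php": "<?php\n/* demo */\neval($_POST['c']);\n",
}

# String literals and comments, matched in source order so neither hides the other.
_TOKEN = re.compile(
    r"'(?:\\.|[^'\\])*'"
    r'|"(?:\\.|[^"\\])*"'
    r"|//[^\n]*|#[^\n]*|/\*.*?\*/",
    re.S,
)
_LITERAL = re.compile(r"(?:''|\"\")(?:\s*\.\s*(?:''|\"\"))*")
_REQUEST = re.compile(r"\$_(?:GET|POST|REQUEST|COOKIE)\b")

def naive_flag(src):
    """Substring test described in the thread: any occurrence of 'eval('."""
    return "eval(" in src

def _blank(m):
    """Empty out a string or comment but keep its newlines for line numbers."""
    tok, pad = m.group(0), "\n" * m.group(0).count("\n")
    if tok[0] == "'":
        return "''" + pad
    if tok[0] == '"':
        return ('"$"' if "$" in tok else '""') + pad  # "$" marks interpolation
    return " " + pad

def eval_calls(src):
    """Return (line, kind) for each real eval() call, classified by its argument."""
    code, found = _TOKEN.sub(_blank, src), []
    for m in re.finditer(r"(?<![\w$>:])eval\s*\(", code, re.I):
        depth, i = 1, m.end()
        while i < len(code) and depth:  # walk to the matching ')'
            depth += {"(": 1, ")": -1}.get(code[i], 0)
            i += 1
        arg = code[m.end():i - 1].strip()
        if _REQUEST.search(arg):
            kind = "request-input"      # argument reads request data directly
        elif _LITERAL.fullmatch(arg):
            kind = "constant-literal"   # fixed string, no variables
        else:
            kind = "dynamic"            # needs manual data-flow review
        found.append((code.count("\n", 0, m.start()) + 1, kind))
    return found
```

A "dynamic" result is not a verdict either way: it only says the argument is built at run time and its origin has to be traced by hand.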