Knowledge Base support case for AllWebMenus, abstracted and stripped of all user’s private info.
Support Case Month: March 2012
Initial Email From: John
Here is a problem I found which has to do with WordPress.
Due to the number of sites that get hacked because of plugins written that allow echo in the PHP code, which will allow a hacker to gain access through a PHP weakness, I always recommend wp-security to people.
The problem is, as you can see in this screenshot, that AllWebMenus shows that it has a major weakness in the PHP script which could allow a hacker to hack the site.
Thank-You,
John
Reply From: Likno Customer Support
Dear John,
I tried installing the “wp-security” and checking our plugin, but I was not able to do so. It seems that the plugin I got does not check other plugins.
Can you give me more info on (or a URL where I can get) this plugin? Is it the “WP Security Scan” aka “WSD security” or are you referring to some other plugin?
Still, I see from the screenshot that the problem found was the “eval” statements. I do not see how the specific eval statements that we have could be used as a security hole, and I have a feeling that the plugin just triggers an alert on the occurrence of the word “eval” regardless of how it is used. In this case, I would call this a “false-positive”.
In any case, if you give me more info I will be able to further investigate this issue.
Best Regards,
Kostas
Likno Customer Support
www.likno.com
Create any type of javascript menu (CSS menu, drop-down menu, sliding menu), button, html tree, modal window, tooltip, accordion, tab, scroller, jQuery slider) or design for your websites!
Reply From: John
Here is the plugin I am using:
http://wordpress.org/extend/plugins/wp-plugin-security-check/
WP Plugin Security Check checks if your WordPress plugins are 'safe'. Version 0.4 | By Luc De Brouwer
Thank-You,
John Boone
Reply From: Likno Customer Support
Hello again,
I downloaded and checked this plugin and indeed it generates a warning on all our plugins because they use the “eval” function. This is in no way dangerous or a security threat if you use it correctly. The “security check plugin”, however, is extremely simplistic and the warning is triggered simply by the existence of the text “eval(”.
I am afraid that we cannot do anything to avoid the warning, but I can assure you that it is a “false positive” and is in no way a threat to your security. So, you can use our WordPress menus without any worries.
Regards,
Kostas
Likno Customer Support
www.likno.com
Tags: eval, Menu, plugin, wordpress, wordpress menu, wordpress plugin
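Added example (not part of the support thread, and not code from Likno or from the WP Plugin Security Check plugin): a text match on "eval(" of the kind the reply describes, next to a check built on PHP's tokenizer that reports only real eval constructs and notes whether the argument is a single constant string, which is a useful first triage step when a scanner raises this warning. The function names naive_flag and find_eval_calls are hypothetical, and every sample snippet is constructed.

```php
<?php
// Added example: contrasts a substring check with a token-based check for eval().
// All sample snippets below are constructed for illustration.

/** Naive check: flags any source containing the text "eval(". */
function naive_flag(string $src): bool {
    return strpos($src, 'eval(') !== false;
}

/**
 * Token-based check: one entry per real eval construct, with its line number
 * and whether the argument is a single constant string literal.
 */
function find_eval_calls(string $src): array {
    // Drop whitespace and comments so neighbouring tokens are meaningful.
    $tokens = array_values(array_filter(token_get_all($src), function ($t) {
        return !is_array($t)
            || !in_array($t[0], [T_WHITESPACE, T_COMMENT, T_DOC_COMMENT], true);
    }));
    $hits = [];
    foreach ($tokens as $i => $t) {
        if (!is_array($t) || $t[0] !== T_EVAL) {
            continue; // strings, comments and names like retrieval() never yield T_EVAL
        }
        $arg   = $tokens[$i + 2] ?? null; // first token after "("
        $close = $tokens[$i + 3] ?? null; // must be ")" for a lone literal
        $literal = is_array($arg)
            && $arg[0] === T_CONSTANT_ENCAPSED_STRING
            && $close === ')';
        $hits[] = ['line' => $t[2], 'constant_argument' => $literal];
    }
    return $hits;
}

$samples = [ // constructed inputs
    'comment only'   => "<?php\n// never call eval(\$x) here\necho 'ok';\n",
    'inside string'  => "<?php\necho 'the text eval( is not a call';\n",
    'other function' => "<?php\nfunction retrieval(\$id) { return \$id; }\nretrieval(1);\n",
    'constant eval'  => "<?php\neval('return 1 + 1;');\n",
    'dynamic eval'   => "<?php\neval(\$code);\n",
];

foreach ($samples as $name => $src) {
    printf("%-15s naive=%-4s token=%s\n", $name,
        naive_flag($src) ? 'FLAG' : 'ok', json_encode(find_eval_calls($src)));
}
```

The naive check flags all five samples, while the token-based check reports only the last two and marks the final one as taking a non-constant argument, which is the case that needs a manual look at where the value comes from.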