No3x
Thank you for the responce.
Wether you think its “ridiculous” of not, VaultPress is flagging the code as potentially harmful and thus it IS a problem regardless of your opinion.
Please send me a hash of the file to verify integrity. Maybe someone really put malicious code in there.
But I don’t think that’s the reason: Please refer to a similar topic https://wordpress.org/support/topic/security-risk-vaultpress/
I have tried your plugin again, hoping it was updated to avoid this security alert being presented my VaultPress.
Still VaultPress Immediately flags a section of your plugin as “Suspicion Code”
This is the file that is the specific file causing errors
/wp-content/plugins/wp-mail-logging/lib/vendor/pimple/pimple/src/Container.php
Starting at line 242
$extended = function ($c) use ($callable, $factory) {
return $callable($factory($c), $c);
};
What are your thoughts on this issue?
No3x
Thank you for the email.
I have positive reply from VaultPress staff.
Their reply follows:
I’ve taken a look at the security alert. I’ve also compared the file on your server with the file as provided from the plugin author, and it matches. This is a false positive, which I have ignored for you.
At times, plugin authors may use a style of writing code that is similar to what we see when someone is trying to hack a site. VaultPress errs on the side of caution and alerts to anything that may benefit from a second look.
Please let us know if you need any further assistance.
Cheers 🙂
Megan T.
Happiness Engineer
Jetpack | VaultPress | Akismet | Guided Transfer
Oh wow, they have access to your webserver?
I’m happy you could verify my statement about this from a 3rd party.
The VaultPress Staff have access to my VaultPress account which is where the file Alert is flagged.
They have the ability to verify backed up files on VaultPress and “ignore” any security alerts if it seems appropriate.
