Skip Navigation

[Resolved] security plugin says "Suspicious function found" in some Toolset php files

This support ticket is created 5 years, 4 months ago. There's a good chance that you are reading advice that it now obsolete.

This is the technical support forum for Toolset - a suite of plugins for developing WordPress sites without writing PHP.

Everyone can read this forum, but only Toolset clients can post in it. Toolset support works 6 days per week, 19 hours per day.

Sun Mon Tue Wed Thu Fri Sat
- 9:00 – 12:00 9:00 – 12:00 9:00 – 12:00 9:00 – 12:00 9:00 – 12:00 -
- 13:00 – 18:00 13:00 – 18:00 13:00 – 18:00 14:00 – 18:00 13:00 – 18:00 -

Supporter timezone: America/Jamaica (GMT-05:00)

Tagged: 

This topic contains 4 replies, has 3 voices.

Last updated by Beda 5 years, 2 months ago.

Assisted by: Shane.

Author
Posts
#1324541

This is a security report, all content was safely copied to internal documents, and removed from the public for safety reasons.

#1324617

Shane
Supporter

Languages: English (English )

Timezone: America/Jamaica (GMT-05:00)

Private fields

#1327939

Hello Anthony and Shane, I deleted (trashed) the conversation in the ticket due to security reasons, this is why you will not see the single replies here anymore.

We have all the data that is required and was submitted in the report safely saved on our end and will analyze the issue and eventually adjust what needs to be adjusted with the adequate priority.

Thank you for your patience and understanding.

#1327947

I appreciate everyone's attention to this issue and trust that it will get handled appropriately.

Have a good day, everyone!

#1353921

Hello - I'd like to inform, that we (our developers) have taken several measures to address the reported issues.
All adjustments will be released within upcoming releases of the affected plugins. I can't state ETA's about, but it will be in the subsequent released for the plugins related.
There still may be some false alarms left (especially in the embedded Twig library) but these have been reviewed by us (again, the developers 🙂 ) and we didn't see any actual vulnerabilities for those left over.

We also contacted with WPMU DEV Defender and their Developers in turn have made some changes to the code of the plugin to handle alarms (and false alarms) better.
As well there the updates are due within next releases.

Thank you for reporting the issue to us, and for your patience.
We appreciate it and it helps improving the plugins.