Skip Navigation

[Resolved] Security Scans on my site using Wordfence

This support ticket is created 6 years, 1 month ago. There's a good chance that you are reading advice that it now obsolete.

This is the technical support forum for Toolset - a suite of plugins for developing WordPress sites without writing PHP.

Everyone can read this forum, but only Toolset clients can post in it. Toolset support works 6 days per week, 19 hours per day.

Sun Mon Tue Wed Thu Fri Sat
- 10:00 – 13:00 10:00 – 13:00 10:00 – 13:00 10:00 – 13:00 10:00 – 13:00 -
- 14:00 – 18:00 14:00 – 18:00 14:00 – 18:00 14:00 – 18:00 14:00 – 18:00 -

Supporter timezone: Asia/Kolkata (GMT+05:30)

This topic contains 2 replies, has 3 voices.

Last updated by Minesh 6 years, 1 month ago.

Assisted by: Minesh.

Author
Posts
#1118336
Wordfence Scans.PNG

Hi, I ran a Wordfence scan and it's picked up a couple of critical concerns relating to a WooCommerce Types view as per the attached screen shot. Can you advise if I should be taking action on these files as a security risk?

#1118865

The usage of eval is explained here:
https://toolset.com/toolset-requirements/ > Eval
https://toolset.com/toolset-requirements/#eval-usage

Our plugins make safe use of the eval() function.

Now, in the file plugins/woocommerce-views/Class_WooCommerce_Views.php, there is no occurrence of that function at all,
hence either the Wordfence plugin made a mistake (it might be it picks up functions like wcviews_clear_all_func_conditional_eval as an eval, which it is not) there or you'd have corrupt files, which in that case could be replaced with a fresh copy from here:
https://toolset.com/account/downloads/

For security reports (for future reference) you should use this form:
https://toolset.com/report-security-vulnerability-issues/

#1118872

Minesh
Supporter

Languages: English (English )

Timezone: Asia/Kolkata (GMT+05:30)

Please follow the directions given by Beda in the previous reply and feel free to close the ticket.