Security Scans on my site using Wordfence

This support ticket is created 6 years, 1 month ago. There's a good chance that you are reading advice that it now obsolete.

This is the technical support forum for Toolset - a suite of plugins for developing WordPress sites without writing PHP.

Everyone can read this forum, but only Toolset clients can post in it. Toolset support works 6 days per week, 19 hours per day.

Sun	Mon	Tue	Wed	Thu	Fri	Sat
-	10:00 – 13:00	10:00 – 13:00	10:00 – 13:00	10:00 – 13:00	10:00 – 13:00	-
-	14:00 – 18:00	14:00 – 18:00	14:00 – 18:00	14:00 – 18:00	14:00 – 18:00	-

Supporter timezone: Asia/Kolkata (GMT+05:30)

Tagged: Views, Views plugin

This topic contains 2 replies, has 3 voices.

Last updated by Minesh 6 years, 1 month ago.

Assisted by: Minesh.

Author

Posts

October 1, 2018 at 1:56 pm #1118336

lukeM-7

Hi, I ran a Wordfence scan and it's picked up a couple of critical concerns relating to a WooCommerce Types view as per the attached screen shot. Can you advise if I should be taking action on these files as a security risk?

October 2, 2018 at 5:28 am #1118865

Beda

The usage of eval is explained here:
https://toolset.com/toolset-requirements/ > Eval
https://toolset.com/toolset-requirements/#eval-usage

Our plugins make safe use of the eval() function.

Now, in the file plugins/woocommerce-views/Class_WooCommerce_Views.php, there is no occurrence of that function at all,
hence either the Wordfence plugin made a mistake (it might be it picks up functions like wcviews_clear_all_func_conditional_eval as an eval, which it is not) there or you'd have corrupt files, which in that case could be replaced with a fresh copy from here:
https://toolset.com/account/downloads/

For security reports (for future reference) you should use this form:
https://toolset.com/report-security-vulnerability-issues/

October 2, 2018 at 5:46 am #1118872