Some false positives on a typical Wordpress installation

Napsty commented 2 years ago

Awesome work on this project, thank you @scr34m .

Some notes (FYI) when running through a hacked Wordpress document root. It found a lot of scripts other scanners were unable to find. But there are also a couple of false positives:

wp-admin/includes/class-pclzip.php -> Wordpress Core 6.0 -> 29f34168b7384cca58ba64885461e115
wp-content/plugins/wordpress-seo/vendor_prefixed/guzzlehttp/guzzle/src/Middleware.php -> Yoast SEO plugin 19.2 -> 178f2fbc6a48f605ed84b156103d5366
wp-content/plugins/wordpress-seo/admin/tracking/class-tracking-server-data.php -> Yoast SEO plugin 19.2 -> 1e2d246c57d2123aa8938c8263cb1d3d
wp-content/plugins/worker/src/MWP/ServiceContainer/Abstract.php -> managewp plugin 4.9.14 from managewp.com -> cacb5670ebb2de31976a4b2eb06cac86
wp-content/plugins/worker/src/MWP/Action/GetState.php -> managewp plugin 4.9.14 from managewp.com -> ffa76b9ff298702a733747521cfdee69
wp-includes/formatting.php -> Wordpress Core 6.0 -> a54895edc1402cf1b7b5ecd3f5d85e6b

cheers

scr34m commented 2 years ago

Yes some false positive can be found some rule needs this, but you can put them in the whitelist.txt with the md5 sum value, or if you can define the version on these plugins then i will download and add them to the pre defined list.

Napsty commented 2 years ago

awesome, thanks for the fast reply! I updated the description above.

scr34m commented 2 years ago

Thanks i will check the files and update the whitelist.

scr34m commented 2 years ago

Updated.

scr34m / php-malware-scanner

Some false positives on a typical Wordpress installation #76