I get a security alert on your plugin Toolset

This thread is resolved. Here is a description of the problem and solution.

Problem:
You are trying to secure your website, but Defender Pro is indicating that there might be an issue with a file.
Solution:
We have previously encountered similar reports and have conducted a thorough analysis of the files in question, confirming they are false positives. We have contacted WPMU to have these files added to the allowlist. For now, it is safe to ignore these warnings. If this solution does not resolve your issue or seems outdated, we recommend checking related known issues at https://wpml.org/known-issues/, verifying the version of the permanent fix, and confirming that you have installed the latest versions of themes and plugins. If the problem persists, please do not hesitate to open a new support ticket at our support forum.

This is the technical support forum for WPML - the multilingual WordPress plugin.

Everyone can read, but only WPML clients can post here. WPML team is replying on the forum 6 days per week, 22 hours per day.

Tagged: Exception

This topic contains 1 reply, has 2 voices.

Last updated by Mateus Getulio 3 months, 3 weeks ago.

Assisted by: Mateus Getulio.

Author	Posts
September 13, 2024 at 6:00 pm #16177310
ludovicM-11	Background of the issue: I am trying to secure my website. But Defender Pro is saying your file could have an issue; "We've uncovered suspicious code in /var/web/site/public_html/wp-content/plugins/types/vendor/toolset/toolset-common/toolset-forms/classes/submit.php. The red highlighted code is the flagged code. Note that these warnings can be false positives, so consult your developer before taking action." Plugin URL https://wp.org/plugins/types Location /var/web/site/public_html/wp-content/plugins/types/vendor/toolset/toolset-common/toolset-forms/classes/submit.php "define("CRED_WP_REF_FILE", "wp-blog-header.php");" Date added August 8, 2024 11:08 am Developer Please contact the plugin developer to fix this OnTheGoSystems Plugin state Active Symptoms: I get a security alert on your plugin Toolset Questions: Is the flagged code in the Toolset plugin a false positive? How can I secure my website given this alert from Defender Pro?
September 13, 2024 at 10:01 pm #16177887
Mateus Getulio Supporter Languages: English (English ) Portuguese (Brazil) (Português ) Timezone: America/Sao_Paulo (GMT-03:00)	Hello there, Welcome to our support. We've got a similar report here: https://toolset.com/forums/topic/defender-marks-submit-as-suspicious/ We conducted a thorough analysis on the files in question and confirmed they're false positives. We reached out to WPMU to get them added to the allowlist. For the time being it is safe to ignore them. Thank you for bringing it to our attention.