Hi,
I am the developer of Leaflet Maps Marker (free version) respectively Maps Marker Pro (premium version, mapsmarker.com). A user reported that a Wordfence scan showed a critical warning within my pro plugin-file leaflet-core.php:
This file appears to be installed by a hacker to perform malicious activity. If you know about this file you can choose to ignore it to exclude it from future scans. The text we found in this file that matches a known malicious file is: \cf5 "str_replace("www.","",$O1i); \} function wildcard_server_hostname($O1i) \{ $hostname=explode(".",$O1i); unset ($hostname[0]); $hostname=(! isset ($hostname[1])) ? array($O1i): $hostname; return "\52\56".implode("\56",$hostname); \} function extract_access_set($instances,$enforce) \{ foreach ($instances as $O1i => $instance) \{ if ($O1i != $enforce) \{ continue; \} return $instance; \} return array(); \} function O1e($l1b) \{ $l1g=$this->O1g($l1b); $l1h=$this->O1h($l1g); if (! isset ($l1h[1])) \{ return $this->Ov =$this->O18["\\154ocal_key\\137\\164\\141mpering"]; \} if (md5($this->Ou.$l1h[0]) != $l1h[1]) \{ return $this->Ov =$this->O18["\\154\\157cal_key_tamp\\145\\162\\151ng"]; \} unset ($this->Ou); $Ow=unserialize($l1h[0]); $instance=$Ow["instance"]; unset ($Ow["instance"]); $enforce=$Ow["enforce"]; unset ($Ow["\\145nforce"]); $this->Ow =$Ow; if ( (string) $Ow["license_key_s\\164\\162ing"] != (string) $this->lu) \{ return $this->Ov =$this->O18["license_key\\137\\163\\164ring_mism\\141\\164ch"]; \} if ( (string) $Ow["s\\164\\141\\164us"] != "active") \{ return $this->Ov =$this->O18[$Ow["\\163\\164atus"]]; \} if ( (string) $Ow["\\154icense_expire\\163"] != "\\156\\145ver" && (int) $Ow["\\154icense_expires"]Ov =$this->O18["\\145xpired"]; \} if ( (string) $Ow["lo\\143\\141\\154_key_expire\\163"] != "\\156\\145ver" && (int) $Ow["\\154\\157cal_key_expir\\145\\163"]l1j($l1b,$Ow["\\154ocal_key_expires"])<0) \{ $this->l1l(TRUE); return $this->validate(); \} \} if ($this->l18 && (int) $Ow["\\144ownload_access_ex\\160\\151\\162es"]la)) \{ return $this->Ov =$this->O18["download_access_\\145\\170\\160ired"]; \} $conflicts=array(); $O1l=$this->l1m(); foreach ( (array) $enforce as $O1i) \{ $O1k=$this->extract_access_set($instance,$O1i); if (!$this->l1k($O1l[$O1i],$O1k)) \{ $conflicts[$O1i]=TRUE; if (in_array($O1i,array("ip","server_ip"))) \{ foreach ($this->wildcard_ip($O1l[$O1i]) as $ip) \{ if ($this->l1k($ip,$O1k)) \{ unset ($conflicts[$O1i]); break; \} \} \} elseif (in_array($O1i,array("domain"))) \{ if ($this->l1k($this->wildcard_domain($O1l[$O1i]),$O1k)) \{ unset ($conflicts[$O1i]); \} \} elseif (in_array($O1i,array("s\\145\\162ver_hostname"))) \{ if ($this->l1k($this->wildcard_server_hostname($O1l[$O1i]),$O1k)) \{ unset ($conflicts[$O1i]); \} \} \} \} if (!empty($conflicts)) \{ return $this->Ov =$this->O18["\\154ocal_key_inv\\141\\154\\151d_for_l\\157\\143\\141tion"]; \} \} function O1b() \{ $le=array(); if (is_array($this->Os)) \{ $le=$this->Os; \} else \{ $query=@mysql_query($this->Os); if ($mysql_error=mysql_error()) \{ return $this->Ov = "\\105rror: \{$mysql_error\}"; \} $le=@mysql_fetch_assoc($query); if ($mysql_error=mysql_error()) \{ return $this->Ov = "\\105\\162ror: \{$mysql_error\}"; \} \} if (!$le["local_key"]) \{ $le["\\154ocal_key"]=$this->O1m(); if ($this->Ov) \{ return $this->Ov; \} $this->O1d($le["l\\157\\143\\141l_key"]); \} return $this->O17 =$le["\\154\\157cal_key"]; \} function O1d($l1b) \{ if (is_array($this->lt)) \{ $l1n=$this->lt["function"]; return $l1n("\cf3 .}
Well, not every obfuscated code has been installed by a hacker - in my case it is used intentionally to protect the pro users licenses.
Is there a way you can add my pro plugin to a whitelist or something similar?
thx,
Robert