Replies: 0
Hi
Since updating to version 1.36.0 we’re seeing lots of warnings from our PHP Malware scanner about a possible shell backdoor. We’ve investigated, and it’s these files:
- addons/pro/googlesheet/lib/external/vendor-prefixed/symfony/console/Application.php
- addons/pro/googlesheet/lib/external/vendor-prefixed/symfony/console/Cursor.php
- addons/pro/googlesheet/lib/external/vendor-prefixed/symfony/console/Terminal.php
- addons/pro/googlesheet/lib/external/vendor-prefixed/symfony/console/Helper/QuestionHelper.php
Although we can configure our scanner to ignore these files, I would rather check to see if this “console” dependency is really needed in a WP back-end plugin. Can you please investigate, and hopefully remove this symfony/console dependency?
For now, we will revert Forminator to an earlier version.
Paul