Security Plugin, Firewall, Malware Scanner & Removal

{
    "slug": "security-malware-firewall",
    "finding_count": 13,
    "findings": [
        {
            "pattern": "eval_call",
            "kind": "builtin",
            "file": "lib/CleantalkSP/Common/Scanner/HeuristicAnalyser/Modules/Mathematics.php",
            "line": 47,
            "snippet": "$math_result = eval('return ' . $expression_string . ';');",
            "confidence": "medium"
        },
        {
            "pattern": "base64_decode",
            "kind": "builtin",
            "file": "lib/CleantalkSP/Common/Scanner/HeuristicAnalyser/Modules/Transformations.php",
            "line": 44,
            "snippet": "$data = base64_decode((string)$this->tokens->next2->value);",
            "confidence": "medium"
        },
        {
            "pattern": "gzinflate",
            "kind": "builtin",
            "file": "lib/CleantalkSP/Common/Scanner/HeuristicAnalyser/Modules/Transformations.php",
            "line": 52,
            "snippet": "$data = gzinflate((string)$this->tokens->next2->value);",
            "confidence": "medium"
        },
        {
            "pattern": "eval_call",
            "kind": "builtin",
            "file": "inc/spbc-settings.php",
            "line": 5017,
            "snippet": "'title' => 'eval()',",
            "confidence": "medium"
        },
        {
            "pattern": "eval_call",
            "kind": "builtin",
            "file": "inc/spbc-settings.php",
            "line": 5018,
            "snippet": "'desc'  => __('The eval() language construct is very dangerous because it allows execution of arbitrary PHP code. Its use thus is discouraged.', 'security-malware-firewall')",
            "confidence": "medium"
        },
        {
            "pattern": "eval_call",
            "kind": "builtin",
            "file": "inc/spbc-settings.php",
            "line": 5022,
            "snippet": "'desc'  => __('This function internally performs an eval() and as such has the same security issues as eval().', 'security-malware-firewall')",
            "confidence": "medium"
        },
        {
            "pattern": "eval_call",
            "kind": "builtin",
            "file": "inc/spbc-settings.php",
            "line": 5077,
            "snippet": "'title' => 'eval()',",
            "confidence": "medium"
        },
        {
            "pattern": "eval_call",
            "kind": "builtin",
            "file": "inc/spbc-settings.php",
            "line": 5078,
            "snippet": "'desc'  => __('The eval() language construct is very dangerous because it allows execution of arbitrary PHP code. Its use thus is discouraged.', 'security-malware-firewall')",
            "confidence": "medium"
        },
        {
            "pattern": "eval_call",
            "kind": "builtin",
            "file": "inc/spbc-settings.php",
            "line": 5082,
            "snippet": "'desc'  => __('This function internally performs an eval() and as such has the same security issues as eval().', 'security-malware-firewall')",
            "confidence": "medium"
        },
        {
            "pattern": "base64_decode",
            "kind": "builtin",
            "file": "inc/spbc-settings.php",
            "line": 5065,
            "snippet": "'title' => 'base64_decode()',",
            "confidence": "medium"
        },
        {
            "pattern": "base64_decode",
            "kind": "builtin",
            "file": "inc/spbc-settings.php",
            "line": 5125,
            "snippet": "'title' => 'base64_decode()',",
            "confidence": "medium"
        },
        {
            "pattern": "createfunc",
            "kind": "builtin",
            "file": "inc/spbc-settings.php",
            "line": 5021,
            "snippet": "'title' => 'create_function()',",
            "confidence": "medium"
        },
        {
            "pattern": "createfunc",
            "kind": "builtin",
            "file": "inc/spbc-settings.php",
            "line": 5081,
            "snippet": "'title' => 'create_function()',",
            "confidence": "medium"
        }
    ],
    "resolved_sha": "36d074d34e550dcf8805d7bcc4c5af2fb134d94f"
}

{
    "slug": "security-malware-firewall",
    "active_installs": 30000,
    "critical_matches": 5,
    "high_matches": 1,
    "lookback_days": 90,
    "sample_threads": [
        {
            "title": "Scanning isn’t completing",
            "date": "2026-04-30 14:37:52",
            "url": "https://wordpress.org/support/topic/scanning-isnt-completing/",
            "starter": "tanmay kumar das",
            "keyword": "malware"
        },
        {
            "title": "Front end malware found",
            "date": "2026-04-19 08:58:01",
            "url": "https://wordpress.org/support/topic/front-end-malware-found/",
            "starter": "costaman16",
            "keyword": "malware"
        },
        {
            "title": "Malware Error",
            "date": "2026-04-13 17:26:04",
            "url": "https://wordpress.org/support/topic/malware-error-3/",
            "starter": "stratpoint",
            "keyword": "malware"
        },
        {
            "title": "How ro turn off Brute Force Protection and use malware scanner only",
            "date": "2026-04-03 15:18:37",
            "url": "https://wordpress.org/support/topic/how-ro-turn-off-brute-force-protection-and-use-malware-scanner-only/",
            "starter": "costaman16",
            "keyword": "malware"
        },
        {
            "title": "CleanTalk Security triggers security issues with hoster",
            "date": "2026-02-27 09:19:29",
            "url": "https://wordpress.org/support/topic/cleantalk-security-triggers-security-issues-with-hoster/",
            "starter": "highperformerteams",
            "keyword": "infected"
        },
        {
            "title": "Vulnerable Plug-in Astra emails from CleanTalk",
            "date": "2026-04-21 09:11:30",
            "url": "https://wordpress.org/support/topic/vulnerable-plug-in-astra-emails-from-cleantalk/",
            "starter": "rapunzel2026",
            "keyword": "compromis"
        }
    ],
    "explanation": "Cluster of support-forum threads in the last 90 days containing user-reported attack vocabulary. Critical when any thread mentions explicit compromise terms (hacked / backdoor / admin user added); high when two or more mention symptom-class terms (redirect to spam / vendor alerts)."
}

{
    "slug": "security-malware-firewall",
    "committer_slug": "antonv1",
    "committer_display_name": "anton_cleantalk",
    "committer_employer": null,
    "committer_member_since": "2024-04-04",
    "committer_first_commit": "2024-07-10 05:27:17",
    "committer_commit_count": 18,
    "plugin_listed_author": "cleantalk",
    "earliest_plugin_commit": "2019-06-11 12:58:45",
    "plugin_age_at_join_days": 1855,
    "committer_age_at_join_days": 97,
    "active_installs": 30000
}

{
    "slug": "security-malware-firewall",
    "committer_slug": "artemacleantalk",
    "committer_display_name": "artemacleantalk",
    "committer_employer": null,
    "committer_member_since": "2022-06-23",
    "committer_first_commit": "2022-09-20 09:04:17",
    "committer_commit_count": 29,
    "plugin_listed_author": "cleantalk",
    "earliest_plugin_commit": "2019-06-11 12:58:45",
    "plugin_age_at_join_days": 1196,
    "committer_age_at_join_days": 89,
    "active_installs": 30000
}

{
    "slug": "security-malware-firewall",
    "committer_slug": "sergefcleantalk",
    "committer_display_name": "sergefcleantalk",
    "committer_employer": null,
    "committer_member_since": "2023-10-06",
    "committer_first_commit": "2023-11-08 08:09:40",
    "committer_commit_count": 11,
    "plugin_listed_author": "cleantalk",
    "earliest_plugin_commit": "2019-06-11 12:58:45",
    "plugin_age_at_join_days": 1610,
    "committer_age_at_join_days": 33,
    "active_installs": 30000
}