CommandUI flagged as Malware by WordFence

Vic Dorfman

Hi there,

I wanted to bring to your attention that WordFence is currently flagging CommandUI as malware. I'm not sure if you're already aware of this, but I thought it might be helpful to share some details:

Suspected malware URL: wp-content/plugins/commandui/dist/plugins.16001-H2JQSQLU.js
Suspected malware URL: wp-content/plugins/commandui/dist/plugins.12001-QBT5PSYF.js
Suspected malware URL: wp-content/plugins/commandui/dist/plugins.8001-WLQ7O764.js
While our agency doesn’t have any concerns about this, it could definitely alarm our customers.

Edit: RC1 & RC2 tested only.

Looking forward to your feedback.

Best,

Calvin Alkan

Vic Dorfman

Yeah, this has come up already and keeps popping up because, WordFence...

It is a false positive in WordFence. You'll have to ignore it, there's nothing we can do, sadly (It's not even a PHP file).

The flagged file(s) just store cached data about plugins in the WordPress.org repository like their names, slugs, and homepages, and apparently WordFence doesn't like some of the URLs some plugins set as their homepage.

The last time I checked, the flagged URL looked completely legit and was from an active plugin in the repo.

Which one is flagged now?