Script:SNH-gen Trojan false alert?

Hi,
Avast sent me an alert about the Script:SNH-gen Trojan when I requested my WordPress webpage.
Now I deactivated the plugin and added the CSS code manually, and the alert doesn't appear now.
Is there a WordPress vulnerability in the Yellow Pencil plugin, in the file /public/animation-events.js, or is this a wrong alert?
Best regards
Heinz

The file /public/animation-events.js is a JavaScript file, which is not a typical location for a WordPress vulnerability.

WordPress vulnerabilities typically occur in PHP files, specifically in the core, themes, or plugins.

That being said, it’s possible that the file /public/animation-events.js could be vulnerable
if it’s being used in a way that allows malicious code to be executed.
However, without more information about the context and the plugin itself, it’s difficult to say for certain.

Here are a few questions to help clarify:

The yellow pencil plugin?
Is this file part of the plugin’s source code, or is it being loaded from an external source?

To further investigate, I recommend checking the plugin’s documentation, version history,
and changelogs to see if there have been any reported vulnerabilities or updates related to this file.

It has been attacked since 2019. Read: https://www.wordfence.com/blog/2019/04/zero-day-vulnerability-in-yellow-pencil-visual-theme-customizer-exploited-in-the-wild/

Additionally, you can try using a security scanner or running a vulnerability scan on your website
to see if there are any potential issues with the file.
For instance, here: https://hackertarget.com/wordpress-security-scan/

The Script:SNH-gen Trojan detection is a red flag!

The yellow pencil plugin is a popular WordPress plugin, and it’s possible that the alert is related to a specific issue
or vulnerability in the plugin.
Also read here: https://www.securityweek.com/recently-disclosed-wordpress-plugin-flaws-exploited-malvertising-operation/

Script:SNH-gen Trojan is a generic detection name for a type of malicious script that can be used to inject malware, steal sensitive information, or perform other nefarious activities.

Here are some possible explanations:

Outdated Plugin Version: The yellow pencil plugin might be outdated, and a vulnerability has been discovered in an older version. Upgrading to the latest version might resolve the issue.
Malware Injection: Malware might have been injected into the plugin or website, potentially exploiting a vulnerability or using social engineering tactics.
False Positive: It’s possible that the detection is a false positive, meaning that the scan has incorrectly identified a legitimate file as malicious.

To further investigate:

Check the plugin version: Verify if you’re running the latest version of the yellow pencil plugin. Update it if necessary.
Scan Your Website Again: Run another scan with your antivirus software or a reputable security tool to confirm the detection.
Check for Malware: Use a malware scanner like Wordfence, MalCare, or Sucuri to scan your website for any malware infections.
Contact Yellow Pencil Support: Reach out to the yellow pencil plugin authors or support team to report the issue and ask for their assistance.
Update Yellow Pencil: Make sure you’re running version 4.1.0 or later of the Yellow Pencil plugin.
Verify Your Website: Check your website for any signs of compromise or suspicious activity after updating the plugin.
Keep Your Plugins Up-to-Date: Regularly update your plugins, including Yellow Pencil, to ensure you have the latest security patches.

Then wait for a final verdict from the Avast team.

polonus (volunteer A.I.-assisted 3rd party cold-recon website-security-analyst and website error-hunter)
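
One way to run the two checks discussed in this thread (plugin version against 4.1.0, and whether the flagged file was changed on the server), as an added example that is not part of the original posts and not code from Avast or the plugin vendor. It assumes you have the installed plugin directory and a freshly downloaded clean copy of the same plugin version unpacked side by side; the function names and result labels are made up for this sketch.

```python
import hashlib
import re
import sys
from pathlib import Path

FIXED_VERSION = (4, 1, 0)                    # minimum version named in the thread
FLAGGED_FILE = "public/animation-events.js"  # path from the alert, relative to the plugin directory

def plugin_version(plugin_dir):
    """Read 'Version: x.y.z' from the plugin header of a top-level PHP file."""
    for php in sorted(Path(plugin_dir).glob("*.php")):
        head = php.read_text(encoding="utf-8", errors="replace")[:8192]  # header is near the top
        m = re.search(r"^[ \t/*#@]*Version:\s*(\d+(?:\.\d+)*)", head, re.M | re.I)
        if m:
            return tuple(int(part) for part in m.group(1).split("."))
    return None

def is_outdated(version, fixed=FIXED_VERSION):
    """True when the version is unknown or lower than the fixed release."""
    if version is None:
        return True
    padded = version + (0,) * (len(fixed) - len(version))  # so 4.1 compares equal to 4.1.0
    return padded < fixed

def sha256(path):
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()

def triage(installed_dir, clean_dir, rel=FLAGGED_FILE):
    """Compare the flagged file on the server with the same file in a clean copy."""
    version = plugin_version(installed_dir)
    installed, clean = Path(installed_dir) / rel, Path(clean_dir) / rel
    if not installed.is_file():
        state = "missing"
    elif not clean.is_file():
        state = "no-reference"
    elif sha256(installed) == sha256(clean):
        state = "matches-clean-copy"   # the alert concerns the vendor's own code
    else:
        state = "modified"             # file differs from the vendor copy: inspect it
    return {"version": version, "outdated": is_outdated(version), "file": state}

if __name__ == "__main__":
    if len(sys.argv) != 3:
        sys.exit("usage: triage.py <installed-plugin-dir> <clean-plugin-dir>")
    print(triage(sys.argv[1], sys.argv[2]))
```

A result of `matches-clean-copy` on a current version points toward a detection on the vendor's unmodified file, while `modified` means the copy on the server should be inspected before the alert is treated as a false positive.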