Hi,
Avast sends me an alert about the Script:SNH-gen Trojan when I request my WordPress webpage.
Now I deactivated the plugin and added the CSS code manually, and the alert doesn't appear now.
Is there a WordPress vulnerability in the plugin Yellow Pencil in the file /public/animation-events.js, or is this a wrong alert?
Best regards
Heinz
The file /public/animation-events.js is a JavaScript file, which is not a typical location for a WordPress vulnerability.
WordPress vulnerabilities typically occur in PHP files, specifically in the core, themes, or plugins.
That being said, it’s possible that the file /public/animation-events.js could be vulnerable
if it’s being used in a way that allows malicious code to be executed.
However, without more information about the context and the plugin itself, it’s difficult to say for certain.
Here are a few questions to help clarify:
The yellow pencil plugin?
Is this file part of the plugin’s source code, or is it being loaded from an external source?
To further investigate, I recommend checking the plugin’s documentation, version history,
and changelogs to see if there have been any reported vulnerabilities or updates related to this file.
It has been attacked since 2019. Read: https://www.wordfence.com/blog/2019/04/zero-day-vulnerability-in-yellow-pencil-visual-theme-customizer-exploited-in-the-wild/
Additionally, you can try using a security scanner or running a vulnerability scan on your website
to see if there are any potential issues with the file.
For instance, here: https://hackertarget.com/wordpress-security-scan/
The Script:SNH-gen Trojan detection is a red flag!
The yellow pencil plugin is a popular WordPress plugin, and it’s possible that the alert is related to a specific issue
or vulnerability in the plugin.
Also read here: https://www.securityweek.com/recently-disclosed-wordpress-plugin-flaws-exploited-malvertising-operation/
Script:SNH-gen Trojan is a generic detection name for a type of malicious script that can be used to inject malware, steal sensitive information, or perform other nefarious activities.
Here are some possible explanations:
Outdated Plugin Version: The yellow pencil plugin might be outdated, and a vulnerability has been discovered in an older version. Upgrading to the latest version might resolve the issue.
Malware Injection: Malware might have been injected into the plugin or website, potentially exploiting a vulnerability or using social engineering tactics.
False Positive: It’s possible that the detection is a false positive, meaning that the scan has incorrectly identified a legitimate file as malicious.
To further investigate:
Check the plugin version: Verify if you’re running the latest version of the yellow pencil plugin. Update it if necessary.
Scan Your Website Again: Run another scan with your antivirus software or a reputable security tool to confirm the detection.
Check for Malware: Use a malware scanner like Wordfence, MalCare, or Sucuri to scan your website for any malware infections.
Contact Yellow Pencil Support: Reach out to the yellow pencil plugin authors or support team to report the issue and ask for their assistance.
Update Yellow Pencil: Make sure you’re running version 4.1.0 or later of the Yellow Pencil plugin.
Verify Your Website: Check your website for any signs of compromise or suspicious activity after updating the plugin.
Keep Your Plugins Up-to-Date: Regularly update your plugins, including Yellow Pencil, to ensure you have the latest security patches.
Then wait for a final verdict from the Avast team.
polonus (volunteer A.I.-assisted 3rd party cold-recon website-security-analyst and website error-hunter)
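
The version check recommended in the reply above, as an added example that is not part of either post or of the plugin's own code: it reads the `Version:` header WordPress stores at the top of a plugin's main PHP file and compares it with the 4.1.0 minimum named in the reply. The function names and the sample plugin written by `make_sample_plugin` are constructed for illustration; on a real site, point `check_plugin` at the plugin's folder under `wp-content/plugins/`.

```python
import re
import tempfile
from pathlib import Path

MIN_PATCHED = "4.1.0"  # minimum version named in the reply above
# WordPress reads plugin headers from the first 8 KiB of a top-level PHP file.
HEADER_RE = re.compile(r"^[ \t/*#@]*(Plugin Name|Version):(.*)$", re.I | re.M)

def version_key(version):
    """'4.1.0' -> (4, 1, 0); numeric compare, so 4.10 sorts after 4.9."""
    m = re.match(r"\d+(?:\.\d+)*", version.strip())
    parts = [int(n) for n in m.group().split(".")] if m else []
    return tuple(parts + [0] * (3 - len(parts)))

def read_plugin_header(plugin_dir):
    """Return (name, version) from the first top-level PHP file with a header."""
    for php in sorted(Path(plugin_dir).glob("*.php")):
        head = php.read_bytes()[:8192].decode("utf-8", "replace")
        fields = {k.lower(): v.strip() for k, v in HEADER_RE.findall(head)}
        if "plugin name" in fields and "version" in fields:
            return fields["plugin name"], fields["version"]
    return None

def check_plugin(plugin_dir, minimum=MIN_PATCHED):
    """'ok', 'outdated', or 'unknown' when no plugin header is found."""
    header = read_plugin_header(plugin_dir)
    if header is None:
        return "unknown"
    return "ok" if version_key(header[1]) >= version_key(minimum) else "outdated"

def make_sample_plugin(root, version):
    """Write a constructed plugin header (sample data, not the real plugin)."""
    plugin = Path(root) / "sample-plugin"
    plugin.mkdir()
    (plugin / "sample-plugin.php").write_text(
        f"<?php\n/**\n * Plugin Name: Sample Plugin\n * Version: {version}\n */\n")
    return plugin

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        plugin = make_sample_plugin(tmp, "3.9.12")  # constructed old version
        print(read_plugin_header(plugin), check_plugin(plugin))
```

A result of "ok" only says the installed copy is at or above the patched version; it does not show that the files on disk are unmodified, so the malware scan from the reply still applies.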