Issue
Imunify360 incorrectly flags and removes the following legitimate Elementor Pro file as malware:
wp-content/plugins/elementor-pro/modules/dynamic-tags/tags/archive-description.php
Signature:
SMW-BLKH-20383281-php.bkdr.fakeplugin.wp
File hash (MD5):
f58704c4632fa6fc03cc40ac7b9b1873
This is a confirmed false positive. The file is a standard Elementor Pro core class (Archive_Description dynamic tag, 46 lines, no obfuscation) and is byte-identical across multiple Elementor Pro versions. The detection causes the file to be quarantined or deleted, breaking Elementor Pro functionality across affected sites.
Environment
- Imunify360
- WordPress
- Elementor Pro (versions 4.0.1–4.1.3)
Solution
This false positive has been resolved. The file hash has been removed from the Aibolit blacklist, and the Cloud Application Security (CAS) verdicts have been cleared.
The fix propagates automatically. Imunify360 Malware Scanner will revert the false-positive detection and restore any quarantined files without manual intervention. There is no need to reinstall Elementor Pro.
To force an immediate signature database update, run the following commands on your server:
wget -O imunify-force-update.sh https://repo.imunify360.cloudlinux.com/defence360/imunify-force-update.sh
bash imunify-force-update.sh
If you continue to observe this detection after the update propagates, open a new support ticket.
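Once files have been restored, one way to confirm that each restored copy is the hash-identical file this article covers, rather than different content at the same path. This is an added example, not Imunify360 tooling; the function names and the WordPress root paths passed to them are assumptions.

```shell
#!/bin/sh
# Added example (not Imunify360 tooling): confirm that the Elementor Pro file
# present under a WordPress root is the hash-identical copy from the article.

# Hash and relative path as given in the article.
FP_MD5="f58704c4632fa6fc03cc40ac7b9b1873"
FP_REL="wp-content/plugins/elementor-pro/modules/dynamic-tags/tags/archive-description.php"

# check_fp_file WP_ROOT [EXPECTED_MD5]
# Prints MATCH, MISMATCH or MISSING; returns 0, 1 or 2 respectively.
check_fp_file() {
    cf_file="${1%/}/$FP_REL"
    cf_expected="${2:-$FP_MD5}"
    if [ ! -f "$cf_file" ]; then
        echo "MISSING  $cf_file"
        return 2
    fi
    cf_actual="$(md5sum "$cf_file" | awk '{print $1}')"
    if [ "$cf_actual" = "$cf_expected" ]; then
        echo "MATCH    $cf_file"
        return 0
    fi
    # Same path, different content: not covered by this false-positive fix.
    echo "MISMATCH $cf_file (md5 $cf_actual)"
    return 1
}

# scan_roots WP_ROOT...
# Returns 1 if any root holds a file at that path with a different hash.
scan_roots() {
    sr_bad=0
    for sr_root in "$@"; do
        sr_rc=0
        check_fp_file "$sr_root" || sr_rc=$?
        if [ "$sr_rc" -eq 1 ]; then sr_bad=1; fi
    done
    return "$sr_bad"
}

# Usage (placeholder paths): scan_roots /home/user1/public_html /home/user2/public_html
```

A MISMATCH only means the file differs from the copy this article covers, so review that file separately.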
Cause
The Elementor Pro file archive-description.php was incorrectly included in the Aibolit malware signature database under signature SMW-BLKH-20383281-php.bkdr.fakeplugin.wp. The file is a legitimate plugin component with no malicious code.
Useful links
- Internal task DEFA-11978
- How to submit a false positive/negative result