Hi Support,

I’ve started to get warning from JetPack Protect security scan as follows (I get 2 warnings on each site I have Matomo WordPress Plugin and JetPack Protect installed)

Is this anything I need to worry about?
Are you able to update the plugin to stop this warning in future?

Up to date on all WordPress, themes, plugins etc etc.
Tried removing the Matomo plugin (deleting all data) and reinstalling from plugins repository – scan throws the same warning.

Thank you

File contains malicious code: eagercache-502-tracker.php

A malware was found on your site. Please take immediate action.More

What did Jetpack find?

wordpresscore(.com) is a domain name that was used as part of an exploit to the Custom Content Type Manager plugin. This suspicious string that was found may or may not be related however. Further investigation may be required.

Sometimes the code is so heavily obfuscated that it's hard to tell what are the final intentions of it, however, Jetpack Scan team's experience allows them to pinpoint the most common indicators and alert when something is wrong.

The technical details

Threat found in file:/srv/htdocs/wp-content/uploads/matomo/tmp/cache/tracker/eagercache-502-tracker.php

1

<?php return unserialize('a:2:{s:8:"lifetime";i:1715317617;s:4:"data";a:296:{s:21:"PluginCoreVueMetadata";a:7:{s:11:"description";s:25:"CoreVue_PluginDescription";s:8:"homepage";s:19:"https://matomo.org/";s:7:"authors";a:1:{i:0;a:2:{s:4:"name";s:6:"Matomo";s:8:"homepage";s:19:"https://matomo.org/";}}s:7:"license";s:7:"GPL v3+";s:7:"version";s:5:"5.0.2";s:5:"theme";b:0;s:7:"require";a:0:{}}s:30:"PluginCorePluginsAdminMetadata";a:7:{s:11:"description";s:34:"CorePluginsAdmin_PluginDescription";s:8:... (truncated)

How to resolve or handle this detection?

Jetpack Scan cannot automatically fix this threat. We suggest that you resolve the threat manually: ensure that WordPress, your theme, and all of your plugins are up to date, and remove the offending code, theme, or plugin from your site.