Security Flaw found by Sucuri in plugin php exploit java.js

I would get in touch with them asap.

Let me know what you find out.

Hi Michele,

I just got your email and was about to respond. I believe this is a false positive as it’s saying there is a php exploit in a JavaScript file which I find hard to believe. The reason it’s probably seeing it as an exploit is because that JavaScript file is used by the third party code editor in the builder. It no doubt has things in it that look like non-js code.

Regardless, I will look into this to make sure nothing malicious is going on.

Thanks for the heads up!


Thanks Justin - I will let you know what Sucuri says as well.

I have just had a number of my sites come up with this same security warning from Sucuri. I do not think it is an issue and it looks like a false positive. But did you follow up any further with this Justin?



Hey John,

Thanks for asking. We haven’t heard back from them so I just followed up again. I’ll let you know when we do.


Hey Michele and John,

We just received this from Sucuri today. Everything appears to be ok.

We are aware that a new version of our scanner generated some false positives and we are addressing every one of them. As far as I can check Ace was whitelisted and should be available in the next update.


Thanks Justin.