If you have received within the past 48 hrs a notification such as this:
Updates were not installed for the following items: Website "/home/$username/public_html" (https://$domain.com): Failed to reset cache for the instance #1: WordPress Toolkit was not able to finish running an operation on this site in 60 seconds, so the operation was terminated. This could mean that your WordPress installation might be infected with malware. Check the wp-config.php file of the installation for potential malware code or run an anti-virus scan. If you cannot find any traces of malware, try running the operation again later.
it is likely because of an existing issue with WordPress Toolkit.
By default, the cPanel WordPress Toolkit plugin automatically checks your WordPress website daily for malware infection.
It turned out that as presently coded, WordPress Toolkit creates a false match if it could not verify WordPress file checksums via api.wordpress.org or if api.wordpress.org is unavailable or inaccessible.
For now, the workaround is as follows:
Log in to your cPanel.
Visit WordPress Toolkit.
You will see something like this:
Click on Check WordPress Integrity
Click the "Verify Checksum"
Once the checksum check is completed, you will see this:
Since we came online almost 4 years ago, our core goal has always been to offer a 24/7 managed hosting service.
We see this as the best way to assist customers so that they can focus on building your business.
For example, instead of digging around on how to create an email address, install/deploy a web application, or do basic hosting account tasks, all the customer has to do is open a ticket and ask our team to get that done.
This though was delivered as an optional additional paid service and add-on.
Today, we are making the same service available to all customers.
That is all hosting tiers will now receive the same level of support.
To continue providing this all-around 24 hrs technical support, we have added a Phoenix-based ISO 9001 & ISO 27001-certified, GDPR-compliant first responder team as additional engineers.
mPDF is a PHP library that generates PDF files from UTF-8 encoded HTML.
Chamilo uses this library to convert HTML to PDF.
It has been discovered that this can be abused in all 1.11.* versions by anyone able to edit the HTML (so with edition permissions) to trigger a Remote Code Execution vulnerability.
Softaculous, a 1-click app installer has released an update for Chamilo to patch this.
Customers installing new Chamilo applications will use the updated version.
While existing installations were not updated (since the current Chamilo version number is the same), Chamilo believes there are enough conditions and features in Chamilo to mitigate or remove this issue.
There is every reason to believe so as the team behind Chamilo LMS has a great track record for fixing reported security issues & publishing fixes prior to the official publication of the vulnerabilities on official sites.
So when the Chamilo team releases a new version (including the Chamilo 2.0 which is still in development), Softaculous will release the new version.
And existing users can then upgrade their installations to the latest version with the patch.