SECURITY ISSUE – plugin added malware to my site

  • Resolved tonybaloney44

    (@tonybaloney44)


    9 months, 1 week ago

    Watch out

    This plugin may have been hacked.

    this is the code the plugin added to my site. Its intentionally made difficult in order to confuse. Check the code. Probably delete the plugin. Make sure it has permissions removed to create new users.

    eval(function(

    [snip by moderator — please do not post malware code]

Viewing 1 replies (of 1 total)
  • Plugin Author Diana Burduja

    (@diana_burduja)

    Hello @tonybaloney44,

    the plugin’s code doesn’t have any eval( in any file. You can check that by yourself. Download the plugin from www.remarpro.com and make an all-file search for the “eval” string.

    Currently we are not aware of any security breach in the plugin’s code that would allow someone to hack your website.

    The plugin has the explicit purpose to add CSS/JS/HTML codes to your website. But, if someone gained admin access to your website or hacked it, then the eval( JS code could’ve been added in any number of ways, for example by editing the files through the “WP Admin -> Appearance -> Theme Editor” page.

    I’d advise you to go through the server’s log files and search for the steps that could lead to someone hacking your website. If there is indeed a security issue in the plugin’s code itself, then don’t hesitate to let us know.

Viewing 1 replies (of 1 total)
  • The topic ‘SECURITY ISSUE – plugin added malware to my site’ is closed to new replies.

Tags