Malicious Files in Ultimate Members Plugin

  • Resolved Vishwas

    (@vishwasbecs)


    6 years, 3 months ago

    I have been receiving mail from service provider stating malicious files found. The path says ‘domain/wp-content/uploads/ultimatemember/temp/8qf025jZ2yu9awfbYIxK4JWpQWoOYOsfZZuWHxqY/n.php’ and few more folders within temp under uploads/ultimatemember.

    I was using V2.0.21 and updated it to v2.1.23. Was that an issue in v2.0.21? If so pls confirm. If not, can you kindly have a look at the issue and resolve ASAP?

    Regards,
    Vishwas R

Viewing 9 replies - 16 through 24 (of 24 total)

  • I was also having this same issue. The UM vulnerability affected a total of 4 sites on my server. Not good. That said, I seem to have fixed everything.

    For those affected, see this info:
    https://stackoverflow.com/a/51835741/163906

    Thread Starter Vishwas

    (@vishwasbecs)

    @ultimatemembersupport its the same issue as mentioned in this stackoverflow thread shared by @batfan. All the sites hosted in that server got infected and was getting redirected. header.php of all the themes had a malicious script that was adding redirect. Removing those lines and updating Ultimate Member plugin to v2.0.23 resolved the issue.

    • This reply was modified 6 years, 3 months ago by Vishwas.

    Bonjour,

    My site is using version 2.0.24 of Ultimate Member. The anomaly is always present.If you need to do something special, thank you for your return.

    Pascal

    Same issue here. The malware struck thru this plugin and infected the rest of my sites on my Siteground server. I’ve replaced wp-includes folder 5 days in a row… the malware reached woocommerce js files & theme js files. It strikes thru a non-specific jquery callout, and opens cdn.allyouwant.online up for a direct port to update the malware. Here’s the write-up from 8/22/18: https://blog.sucuri.net/2018/08/massive-wordpress-redirect-campaign-targets-vulnerable-tagdiv-themes-and-ultimate-member-plugins.html. The article says TwentySeventeen noticed the infection and was corrected with an update. However, I found the injected code in this file: /wp-content/themes/twentyseventeen/assets/js/jquery.scrollTo.js just now & my site(s) have the most current theme. I don’t even have that activated, but it resides on the server, so it still apparently can attack the site.

    I developped a small code to clean all files infected. It works on my server, all works good now.

    Code is on github : https://github.com/Empuria/fix-wordpress-ultimate-member-malware

    Please read first the readme file.

    Dear Empuria,
    Thnaks for sharing your work.
    Can you tell me where I should place it and How I can activate it ?
    Thanks again
    Fanny

    Apologies for not responding sooner.
    The intrusion to our website caused a redirection to a Canadian pharmacy selling Viagra!
    It did affect our file system, but we seem all OK now.

    bangaloredeveloper

    (@bangaloredeveloper)

    i experienced similar kind of issue when i hosted most of my clients websites with godaddy (basic php plan) never tried with wordpress plan,
    please have professionals to find the root cause, only host can have access to change permissions.

    We are having this same issue right now. Can we please get an update. We just noticed it today, and have tried everything.

Viewing 9 replies - 16 through 24 (of 24 total)
  • The topic ‘Malicious Files in Ultimate Members Plugin’ is closed to new replies.