Malware on site

  • Resolved lws-mo

    (@lws-mo)


    4 years, 3 months ago

    Hi there,

    today I had a specific problem on a customer website.

    There where multiple popups and iframes on the website which links to dubios sites.

    After deactivating all plugins and activating them one at a time, I found out that this plugin here was causing this.
    As soon as this plugin was activated I got pop-ups an iframes, if I deactivated this plugin, the malware was gone.

    As I dont find any info here on this support site I find that very strange.

    Has anybody else had any issues here?

Viewing 7 replies - 1 through 7 (of 7 total)

  • Yes – https://www.webarxsecurity.com/multiple-vulnerabilities-in-discount-rules-for-woocommerce-plugin/

    Can confirm. We had ‘norton’ appearing spam pop-ups in bottom right corner of our woocommerce product pages. Deactivating both the paid and original version of this plugin solved it. We’re relying on this plugin for a complex discount rule system per user. Very disappointing. I informed the host, WPEngine and they followed up with Sucuri. Please provide updates on resolution.

    Edit: It appears, from the webarx article this should have been patched on the 13th. I cannot confirm whether we were running the newest version at time of this error without some digital forensics. It was a flurry of updating and deactivating when this was discovered. Will update on functionality of new patch.

    • This reply was modified 4 years, 3 months ago by thefoyfoy.
    • This reply was modified 4 years, 3 months ago by thefoyfoy.
    Plugin Author flycart

    (@flycart)

    Hi

    Thank you for reaching out.
    The security issues found by the WEbARX team were fixed and updated in the 2.1.0 version.
    Please make sure that you are using the latest version of the plugin that comes with the security patches.

    Thanks

    Plugin Author flycart

    (@flycart)

    @lws-mo
    Further to the previous message:
    1. Please make sure you have updated to the latest version of the plugin.

    2. Please go to your WordPress dashboard -> WooCommerce -> Woo Discount Rules -> Settings

    In the Promotion section, please clear / empty the contents of these fields (The fields that had the Cross-Site Scripting (XSS) issue):

    Banner Content
    Applied rule message text on cart

    Save.

    Hope this helps.

    • This reply was modified 4 years, 3 months ago by flycart.

    I had the same problem and did a fresh fresh install of both free and PRO plugins. I then deleted the text in the Promotion section, but I’m not sure what the “Applied rule message text on cart” part is in reference to. Can you please provide some clarification?

    Thanks!

    Plugin Author flycart

    (@flycart)

    @kellymarie2001

    Thank you for reaching out.
    We are referring to this field:
    https://www.evernote.com/l/Ajw0pQNePdlFYKTawnoKfyEvtDkG_xaTknc

    You can check all the settings fields in general and if you see any unknown banner codes or scripts, please clear / delete / remove it completely and then Save the Settings.

    This will resolve the issue.

    If you need any help with it, please open a ticket at our support page. Our support engineers are happy to assist you with resolving the issue.

    Whether you are using the free version or the PRO version, it does not matter for requesting support. Do reach out to us and we are happy to help you out.

    Thanks

    Plugin Author flycart

    (@flycart)

    Since the issue has been resolved in the 2.1.x and later versions, we are marking the thread resolved.
    Please feel free to open a support ticket if you have any further issues.
    Thank you once again for all the support from WP Community.

Viewing 7 replies - 1 through 7 (of 7 total)
  • The topic ‘Malware on site’ is closed to new replies.