[wp-trac] [WordPress Trac] #50295: malware report
WordPress Trac
noreply at wordpress.org
Mon Jun 1 16:12:06 UTC 2020
#50295: malware report
--------------------------+-----------------------------
Reporter: aerta | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: General | Version: 5.4.1
Severity: critical | Keywords: needs-patch
Focuses: |
--------------------------+-----------------------------
Hi,
I have had half a dozen WP sites running the Blox theme and Padma themes
infected with malware in the last few days. The theme developers insist
that their themes aren't the cause, and the sites are hosted in two
separate hosting companies - who also deny vulnerability.
Common plugins are:
akismet, classic editor, easy smooth scroll links, foogallery, foobox
image lightbox, GDPR cookie consent banner, google xml sitemaps, imsanity,
jetpack, loginizer, responsive menu pro, unique title checker, velvet
blues, wordfence, yellow pencil pro, Yoast SEO, Padma services, padma
updater, layerslider, disable comments, disable gutenberg, mobile menu,
really simple ssl, widget content blocks, WP latest posts, disable
comments, layerslider WP, WP responsive menu.
Here are the reports from Wordfence. I'd be very grateful if you could
give me some idea how the malware is getting into these sites so that I
can stop it happening. Thanks, John
Critical Problems:
* File appears to be malicious: fdrdfu.php
* File appears to be malicious: wp-content/themes/bloxtheme/library
/visual-editor/scripts-src/deps/ckeditor/plugins/imageuploader/doc.php
* File appears to be malicious: ucjovrw.php
* File appears to be malicious: wp-content/themes/bloxtheme/library
/visual-editor/scripts-src/deps/ckeditor/plugins/imageuploader/doc.php
* File appears to be malicious: izbymjv.php
* File appears to be malicious: wp-content/themes/bloxtheme/library
/visual-editor/scripts-src/deps/ckeditor/plugins/imageuploader/doc.php
{HEX}php.cmdshell.egyspider.240 : /home/schoolof/public_html/wso2.php
* File appears to be malicious: khrgpjrm.php
* File appears to be malicious: wp-content/themes/bloxtheme/library
/visual-editor/scripts-src/deps/ckeditor/plugins/imageuploader/doc.php
* File appears to be malicious: doc.php
* File appears to be malicious: ognjlj.php
--
Ticket URL: <https://core.trac.wordpress.org/ticket/50295>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list