[wp-trac] [WordPress Trac] #50295: malware report
WordPress Trac
noreply at wordpress.org
Wed Jun 3 14:14:48 UTC 2020
#50295: malware report
--------------------------+------------------------------
Reporter: aerta | Owner: (none)
Type: defect (bug) | Status: closed
Priority: normal | Milestone: Awaiting Review
Component: General | Version:
Severity: normal | Resolution: invalid
Keywords: | Focuses:
--------------------------+------------------------------
Comment (by carike):
Although a vulnerability in core is always possible (which is why the
HackerOne reporting mechanism exists), it is usually far more likely that
the source of the malware is a plugin or a theme.
That is particularly true when the plugin or theme was not obtained from
the official WordPress.org repository / directory, respectively - which
appears to be the case here.
It becomes even more likely that a plugin or theme can contain malicious
code if you obtained that code from a nulled source (so a "free" version
not directly from the developer).
There are reputable companies out there that you can hire to find the
source of malware and to clean up your site. That may be an avenue you
may wish to consider.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/50295#comment:4>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list