Injection in functions.php and admin.php

  • akcl

    (@akcl)


    6 years, 4 months ago

    Hi dear plugin developer – I’ve checked the code of your plugin and I can see the following extra files there:

    admin/class.plugin-modules.php
    includes/class.plugin-modules.php

    Both files contain just the following code:

    <?php error_reporting(0);?>

    These files added as inclusions in the following files:

    ===

    /admin/admin.php
    /includes/functions.php

    ===


    <?php if (file_exists(dirname(__FILE__) . ‘/class.plugin-modules.php’)) include_once(dirname(__FILE__) . ‘/class.plugin-modules.php’); ?>

    Usually, this happens when attackers plan to use that class.plugin-modules.php later to append some malicious code there.
    Can you please clear the code of those injections on top of the files?
    Thank you 🙂

The topic ‘Injection in functions.php and admin.php’ is closed to new replies.