Title: Malicious Javascript Injection
Last modified: January 9, 2023

---

# Malicious Javascript Injection

 *  Resolved [Salvatore](https://wordpress.org/support/users/mistyanet/)
 * (@mistyanet)
 * [3 years, 5 months ago](https://wordpress.org/support/topic/malicious-javascript-injection/)
 * Hallo there,
 * We run the latest version of your plugin on our WooCommerce, we do our best to
   use always the latest version.
 * In the last few weeks we have started to receive reports from our users. They
   informed us that their antivirus software was reporting our site as infected.
 * Indeed, we found that in some cases there was external javascript on our site.
   As visible in this screenshot [https://shottr.cc/s/Wu21/SCR-20230109-nxw.png](https://shottr.cc/s/Wu21/SCR-20230109-nxw.png)
 * After lengthy analysis, we discovered that this javascript is injected by your
   plugin, via the option “iubenda_cookie_law_solution” which has somehow been overwritten
   with an eval
 * [https://shottr.cc/s/WzDz/SCR-20230109-nu0.png](https://shottr.cc/s/WzDz/SCR-20230109-nu0.png)
 * Cleaning up the “iubenda_cookie_law_solution” option the malicious javascript
   disappeared. Was it an old vulnerability? Is it safe to reactivate the plugin?

Viewing 1 replies (of 1 total)

 *  Plugin Author [iubenda](https://wordpress.org/support/users/iubenda/)
 * (@iubenda)
 * [3 years, 4 months ago](https://wordpress.org/support/topic/malicious-javascript-injection/#post-16362986)
 * Hi Salvatore,
 * Thank you for your detailed report!
 * Regarding the reports received by your users, we can assure you that if you’re
   using any version greater than 3.3.3 your website is safe. Please note that you
   may also encounter recent notices saying that more recent versions of our plugin
   still has a security vulnerability, but they are just incorrect statements.
 * For reference, you can find here a previous question about this topic: [https://wordpress.org/support/topic/security-vulnerability-and-versions/#post-16339942](https://wordpress.org/support/topic/security-vulnerability-and-versions/#post-16339942)
 * In particular, the links with the vulnerability reporting a wrong version were:
    1. [https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/iubenda-cookie-law-solution/iubenda-357-reflected-cross-site-scripting](https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/iubenda-cookie-law-solution/iubenda-357-reflected-cross-site-scripting)
    2. [https://patchstack.com/database/vulnerability/iubenda-cookie-law-solution/wordpress-iubenda-plugin-3-5-7-reflected-xss-vulnerability](https://patchstack.com/database/vulnerability/iubenda-cookie-law-solution/wordpress-iubenda-plugin-3-5-7-reflected-xss-vulnerability)
 * As you can note, they deleted them, and the URL are not reachable. 
 * As said, the iubenda plugin had a vulnerability **prior** to v3.3.3, that** has
   been fixed with version 3.3.3 (or higher)** but we can’t confirm that your specific
   injection was caused by the previous vulnerability.
 * In any case, we recommend:
    - To review all the registered users with admin privilege/access on your website;
    - To clean plugin data/storage, you can click on “Plugin settings” ([https://prnt.sc/Il3wwMKKDM7w](https://prnt.sc/Il3wwMKKDM7w)),
      select “delete all plugin data upon deactivation” ([https://prnt.sc/jPPrEbu6IPaD](https://prnt.sc/jPPrEbu6IPaD)),
      then go back to the Plugins page ([https://prnt.sc/](https://prnt.sc/MpwE8xTfY-Za))
      [MpwE8xTfY](https://prnt.sc/MpwE8xTfY-Za))[-Za](https://prnt.sc/MpwE8xTfY-Za)))
      and disable our plugin;
    - Update our plugin to the latest version and reconfigure it;
 * Hope this helps!

Viewing 1 replies (of 1 total)

The topic ‘Malicious Javascript Injection’ is closed to new replies.

 * ![](https://ps.w.org/iubenda-cookie-law-solution/assets/icon-256x256.gif?rev=
   2728697)
 * [iubenda | All-in-one Compliance for GDPR / CCPA Cookie Consent + more](https://wordpress.org/plugins/iubenda-cookie-law-solution/)
 * [Frequently Asked Questions](https://wordpress.org/plugins/iubenda-cookie-law-solution/#faq)
 * [Support Threads](https://wordpress.org/support/plugin/iubenda-cookie-law-solution/)
 * [Active Topics](https://wordpress.org/support/plugin/iubenda-cookie-law-solution/active/)
 * [Unresolved Topics](https://wordpress.org/support/plugin/iubenda-cookie-law-solution/unresolved/)
 * [Reviews](https://wordpress.org/support/plugin/iubenda-cookie-law-solution/reviews/)

## Tags

 * [javascript](https://wordpress.org/support/topic-tag/javascript/)

 * 2 replies
 * 2 participants
 * Last reply from: [iubenda](https://wordpress.org/support/users/iubenda/)
 * Last activity: [3 years, 4 months ago](https://wordpress.org/support/topic/malicious-javascript-injection/#post-16362986)
 * Status: resolved