Title: Malware? Last modified: March 22, 2020 --- # Malware? * Resolved [alex09](https://wordpress.org/support/users/asik09/) * (@asik09) * [6 years, 2 months ago](https://wordpress.org/support/topic/malware-113/) * Site redirects to a random site when I click on “Hand Washes”. * Issue is resolved when I disable this plugin * The page I need help with: _[[log in](https://login.wordpress.org/?redirect_to=https%3A%2F%2Fwordpress.org%2Fsupport%2Ftopic%2Fmalware-113%2F%3Foutput_format%3Dmd&locale=en_US) to see the link]_ Viewing 15 replies - 1 through 15 (of 15 total) * Plugin Author [supsystic](https://wordpress.org/support/users/supsysticcom/) * (@supsysticcom) * [6 years, 2 months ago](https://wordpress.org/support/topic/malware-113/#post-12573345) * Hello. [@asik09](https://wordpress.org/support/users/asik09/) Thank you for contacting us regarding your question. We can’t reproduce this issue on our test servers. We follow link [http://hdhandcarwash.com/hand-washes/](http://hdhandcarwash.com/hand-washes/) and don’t see problems. Please give us more info about issue. * Best regards, Ole * [justinwollin](https://wordpress.org/support/users/justinwollin/) * (@justinwollin) * [6 years, 2 months ago](https://wordpress.org/support/topic/malware-113/#post-12592728) * Hello, * I’m not sure my previous reply/question has been deleted. But this plug-in has still be infected with Malware, and as it’s an important piece of my website, I need to resolve the issue as soon as possible. Can you please tell me if this issue is being looked at? * As I previously mentioned, my hosting company identified the problem as the following: * The following files were cleaned, hardened, or removed: * CLEARED: Cleared malware from database: wp_b18091dxsh_pts_tables.html, id = 8. Details: injected.js_malware.010. * Can you please provide some support regarding this issue. * Moderator [James Huff](https://wordpress.org/support/users/macmanx/) * (@macmanx) * [6 years, 2 months ago](https://wordpress.org/support/topic/malware-113/#post-12593233) * The previous replies were deleted [@justinwollin](https://wordpress.org/support/users/justinwollin/) for publicly posting the malware code here, which is not allowed: [https://wordpress.org/support/welcome/#reporting-security-vulnerabilities](https://wordpress.org/support/welcome/#reporting-security-vulnerabilities) * Please either report this privately to the developer via [https://supsystic.com/contact-us/](https://supsystic.com/contact-us/) or to the Plugins Team: [https://developer.wordpress.org/plugins/wordpress-org/plugin-security/reporting-plugin-security-issues/](https://developer.wordpress.org/plugins/wordpress-org/plugin-security/reporting-plugin-security-issues/) * Meanwhile, carefully follow [this guide](https://wordpress.org/support/article/faq-my-site-was-hacked/). When you’re done, you may want to implement some (if not all) of [the recommended security measures](https://wordpress.org/support/article/hardening-wordpress/) and [start backing up your site](https://wordpress.org/support/article/wordpress-backups/). * Plugin Author [supsystic](https://wordpress.org/support/users/supsysticcom/) * (@supsysticcom) * [6 years, 2 months ago](https://wordpress.org/support/topic/malware-113/#post-12610779) * [@justinwollin](https://wordpress.org/support/users/justinwollin/) Contact our support team as soon as possible and we will study this problem and do our best to prevent it from happening again. * Best regards, Ole * [gspowart](https://wordpress.org/support/users/gspowart/) * (@gspowart) * [6 years, 2 months ago](https://wordpress.org/support/topic/malware-113/#post-12610788) * Just a note to say that I’ve found the same issue with this plugin on a site someone has asked me to look at. On pages with the shortcode it’s redirecting to a spammy site. * It’s not a site that we built so I don’t know much about it but I’m assuming this issue is down to an outdated version of this plugin (they’re running 1.6.8) and related to this (now fixed) vulnerability – [https://www.wordfence.com/blog/2020/02/multiple-vulnerabilities-patched-in-pricing-table-by-supsystic-plugin/](https://www.wordfence.com/blog/2020/02/multiple-vulnerabilities-patched-in-pricing-table-by-supsystic-plugin/) * [mattgorski117](https://wordpress.org/support/users/mattgorski117/) * (@mattgorski117) * [6 years, 2 months ago](https://wordpress.org/support/topic/malware-113/#post-12619472) * I am experiencing the EXACT same malware redirect. I had to disable plugin to disable the page redirect. I submitted a ticket as well. Has to be shortcode/ plugin related if this is effecting multiple sites. * [justinwollin](https://wordpress.org/support/users/justinwollin/) * (@justinwollin) * [6 years, 2 months ago](https://wordpress.org/support/topic/malware-113/#post-12619532) * Hi Ole, * I did contact your support team several days ago, but my message has yet to be acknowledged. I’m not sure if they’re working behind the scenes and have yet to reach out. I’m hoping this issue can be resolved so we can continue using the plugin. * Thanks, * Justin * [gspowart](https://wordpress.org/support/users/gspowart/) * (@gspowart) * [6 years, 2 months ago](https://wordpress.org/support/topic/malware-113/#post-12621529) * To follow up on my previous post, I cleaned up the site yesterday but updating the plugin isn’t enough because it makes changes within the database too. The effect the malware had on this was to (a) overwrite the pricing table with code that redirects any page that table is displayed on to a spammy site and (b) adds code to any new pricing tables that are added to create an admin user. * So to clear it up, you’ll need to: – update the plugin to the latest version– delete all the pricing tables and re-create them, or import it if you’re lucky to have a clean backup – delete any dodgy looking admin users that have been created (the two I saw were using [@gmail](https://wordpress.org/support/users/gmail/). com email addresses) * I don’t know if there’s any other damage this malware does, but this is what I’ve found so far. * [iantresman](https://wordpress.org/support/users/iantresman/) * (@iantresman) * [6 years, 2 months ago](https://wordpress.org/support/topic/malware-113/#post-12621948) * Pricing Table v1.8.1 (21.02.2020) and v1.8.2 (24.02.2020) both had security fixes for [XSS and CSRF vulnerabilities](https://www.wordfence.com/blog/2020/02/multiple-vulnerabilities-patched-in-pricing-table-by-supsystic-plugin/) that are consistent with this issue. I’m not sure whether my site was attacked before updating to the latest version. * Does anyone think their site was compromised after updating v1.8.2 (24.02.2020) or later? * [gspowart](https://wordpress.org/support/users/gspowart/) * (@gspowart) * [6 years, 2 months ago](https://wordpress.org/support/topic/malware-113/#post-12621964) * Not us – the site I was working on had version 1.6.8. * [flashpoint28](https://wordpress.org/support/users/flashpoint28/) * (@flashpoint28) * [6 years, 2 months ago](https://wordpress.org/support/topic/malware-113/#post-12628833) * [@supsysticcom](https://wordpress.org/support/users/supsysticcom/) * Faced the same issue and even after contacting the support did not receive any help. * The request number is 32946 which I received after sending my query on the contact form. * Plugin Author [supsystic](https://wordpress.org/support/users/supsysticcom/) * (@supsysticcom) * [6 years, 2 months ago](https://wordpress.org/support/topic/malware-113/#post-12632451) * > Not us – the site I was working on had version 1.6.8. * Fix was made in version 1.8.2 After that, the vulnerability was publicly published by the wordfence team. * > Faced the same issue and even after contacting the support did not receive > any help. > The request number is 32946 which I received after sending my query > on the contact form. * A ticket with this number was not found. Please make second request. Perhaps the security system didn’t work correctly when creating ticket. * Best regards, Ole * [flashpoint28](https://wordpress.org/support/users/flashpoint28/) * (@flashpoint28) * [6 years, 2 months ago](https://wordpress.org/support/topic/malware-113/#post-12637122) * [@supsysticcom](https://wordpress.org/support/users/supsysticcom/) * Sent another message through contact us form on the website and received an email with the request number 32989. Please check. * [collossi](https://wordpress.org/support/users/collossi/) * (@collossi) * [6 years, 2 months ago](https://wordpress.org/support/topic/malware-113/#post-12673448) * I had the same problem, I am deleting all tables created in the plugin. Before deleting the data I used the option to export tables and found the code that creates a user with administrator permissions. * [https://nimb.ws/cCAPm7](https://nimb.ws/cCAPm7) * Plugin Author [supsystic](https://wordpress.org/support/users/supsysticcom/) * (@supsysticcom) * [6 years, 1 month ago](https://wordpress.org/support/topic/malware-113/#post-12706658) * Unfortunately, old tables cannot be used if they were infected. Only two options: - Roll back the site before infection and update the plugin. - If this is not possible, recreate the tables again * Best regards, Ole Viewing 15 replies - 1 through 15 (of 15 total) The topic ‘Malware?’ is closed to new replies. * ![](https://ps.w.org/pricing-table-by-supsystic/assets/icon-256x256.png?rev=1240923) * [Pricing Table by Supsystic](https://wordpress.org/plugins/pricing-table-by-supsystic/) * [Frequently Asked Questions](https://wordpress.org/plugins/pricing-table-by-supsystic/#faq) * [Support Threads](https://wordpress.org/support/plugin/pricing-table-by-supsystic/) * [Active Topics](https://wordpress.org/support/plugin/pricing-table-by-supsystic/active/) * [Unresolved Topics](https://wordpress.org/support/plugin/pricing-table-by-supsystic/unresolved/) * [Reviews](https://wordpress.org/support/plugin/pricing-table-by-supsystic/reviews/) ## Tags * [redirect link](https://wordpress.org/support/topic-tag/redirect-link/) * 15 replies * 9 participants * Last reply from: [supsystic](https://wordpress.org/support/users/supsysticcom/) * Last activity: [6 years, 1 month ago](https://wordpress.org/support/topic/malware-113/#post-12706658) * Status: resolved