Title: [Plugin: CSV Importer] WARNING!!! iFrame Injection issue with CSV plugin
Last modified: August 20, 2016

---

# [Plugin: CSV Importer] WARNING!!! iFrame Injection issue with CSV plugin

 *  Resolved [Bozster](https://wordpress.org/support/users/bozster/)
 * (@bozster)
 * [14 years, 8 months ago](https://wordpress.org/support/topic/plugin-csv-importer-warning-iframe-injection-issue-with-csv-plugin/)
 * BE VERY CAREFUL.. While the plugin works fine. If you leave the plugin on your
   WP server it has security flaw allowing bots to inject iframe code.
 * It inserts the code in index.php in WordPress and it’s base64 encoded.
 * When you are infected it looks like this:
 * _eval code moderated.]_
 * and you will see a small 1px by 1px dot before the HTML tag of your site/template
   when viewed in browser.
 * This is what the code actually looks like when decoded:
    [http://pastebin.com/K1MKqwNk](http://pastebin.com/K1MKqwNk)
 * The reason why I know it’s CSV plugin is because this is a fresh WordPress 3.2.1
   installation without any plugins. As soon as I installed CSV plugin the site/
   WP installation was compromised and iFrame injection happened to the index.php
 * [http://wordpress.org/extend/plugins/csv-importer/](http://wordpress.org/extend/plugins/csv-importer/)

Viewing 2 replies - 1 through 2 (of 2 total)

 *  Thread Starter [Bozster](https://wordpress.org/support/users/bozster/)
 * (@bozster)
 * [14 years, 8 months ago](https://wordpress.org/support/topic/plugin-csv-importer-warning-iframe-injection-issue-with-csv-plugin/#post-2300754)
 * It might be false alarm.. I deleted it and reset password and I still get infected.
   This is now becoming a huge problem.
 * Does anyone have a solution for this!!!? What is happening.
 *  [esmi](https://wordpress.org/support/users/esmi/)
 * (@esmi)
 * [14 years, 8 months ago](https://wordpress.org/support/topic/plugin-csv-importer-warning-iframe-injection-issue-with-csv-plugin/#post-2300763)
 * [http://codex.wordpress.org/FAQ_My_site_was_hacked](http://codex.wordpress.org/FAQ_My_site_was_hacked)
   
   [http://wordpress.org/support/topic/268083#post-1065779](http://wordpress.org/support/topic/268083#post-1065779)
   [http://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/](http://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/)
   [http://ottopress.com/2009/hacked-wordpress-backdoors/](http://ottopress.com/2009/hacked-wordpress-backdoors/)
 * [http://sitecheck.sucuri.net/scanner/](http://sitecheck.sucuri.net/scanner/)

Viewing 2 replies - 1 through 2 (of 2 total)

The topic ‘[Plugin: CSV Importer] WARNING!!! iFrame Injection issue with CSV plugin’
is closed to new replies.

 * ![](https://ps.w.org/csv-importer/assets/icon-256x256.png?rev=3039593)
 * [CSV Importer](https://wordpress.org/plugins/csv-importer/)
 * [Frequently Asked Questions](https://wordpress.org/plugins/csv-importer/#faq)
 * [Support Threads](https://wordpress.org/support/plugin/csv-importer/)
 * [Active Topics](https://wordpress.org/support/plugin/csv-importer/active/)
 * [Unresolved Topics](https://wordpress.org/support/plugin/csv-importer/unresolved/)
 * [Reviews](https://wordpress.org/support/plugin/csv-importer/reviews/)

 * 2 replies
 * 2 participants
 * Last reply from: [esmi](https://wordpress.org/support/users/esmi/)
 * Last activity: [14 years, 8 months ago](https://wordpress.org/support/topic/plugin-csv-importer-warning-iframe-injection-issue-with-csv-plugin/#post-2300763)
 * Status: resolved