Title: Plugin possible compromised Last modified: December 13, 2019 --- # Plugin possible compromised * Resolved [abossola](https://wordpress.org/support/users/abossola/) * (@abossola) * [6 years, 5 months ago](https://wordpress.org/support/topic/plugin-possible-compromised/) * we found a hack today and it was nested in this plugin. Please take a look and keep an eye out Viewing 3 replies - 1 through 3 (of 3 total) * Plugin Author [Alex Volkov](https://wordpress.org/support/users/vol4ikman/) * (@vol4ikman) * [6 years, 5 months ago](https://wordpress.org/support/topic/plugin-possible-compromised/#post-12236821) * ?? * Thread Starter [abossola](https://wordpress.org/support/users/abossola/) * (@abossola) * [6 years, 5 months ago](https://wordpress.org/support/topic/plugin-possible-compromised/#post-12237172) * I’ve found 4 sites using [https://wordpress.org/plugins/wp-accessibility/](https://wordpress.org/plugins/wp-accessibility/) that are hacked. 3 on different servers and 2 more, both of which I don’t even manage or have anything to do with. The Sucuri Scanners are showing the same exploits. Either that or there was a hole somewhere else. I’m guessing its this plugin since they all share this same common denominator. I let the plugin devs know but no reply yet. * they all seemed to have a similar exploit as seen here [https://share.getcloudapp.com/Jru7WZA8](https://share.getcloudapp.com/Jru7WZA8) * once I deleted the plugin the actual root of the cause was gone. At that point, there was an injection of some kind. To add further headache, out of nowhere an admin user was created using some sort of fake WooCom email address. * All 3 sites seemed to be running different versions of WooCommerce too. I suppose it very well could be Woo related as well but the fact it was nested in the plugin was sort of a red flag to me. * We were running the latest versions of WP Accessibility Helper. Usually, I can sniff out the malicious code but this was really sneaky. I reported to Sucuri but unfortunately, I had deleted the plugin prior to the cleanup. * We were using the latest version of WordPress too. All other plugins were updated too. * the footer had a big gap in it and there were some weird iframes like so [https://share.getcloudapp.com/04ugKEmZ](https://share.getcloudapp.com/04ugKEmZ). They were being created by this [https://share.getcloudapp.com/7KuyRQL1](https://share.getcloudapp.com/7KuyRQL1) * Hope that helps. * I don’t mean to cause alarm but if its a glaring hole hopefully we can knock it quickly. * And sorry I half posted info… I accidentally posted the rest of the info to another similarly named plugin… oops. - This reply was modified 6 years, 5 months ago by [abossola](https://wordpress.org/support/users/abossola/). * Plugin Author [Alex Volkov](https://wordpress.org/support/users/vol4ikman/) * (@vol4ikman) * [6 years, 5 months ago](https://wordpress.org/support/topic/plugin-possible-compromised/#post-12237285) * Thanks for the report. But you can check the plug-in source code on WordPress repository, and you will see that, our code is ok. Viewing 3 replies - 1 through 3 (of 3 total) The topic ‘Plugin possible compromised’ is closed to new replies. * ![](https://ps.w.org/wp-accessibility-helper/assets/icon-256x256.jpg?rev=2500492) * [WP Accessibility Helper (WAH)](https://wordpress.org/plugins/wp-accessibility-helper/) * [Frequently Asked Questions](https://wordpress.org/plugins/wp-accessibility-helper/#faq) * [Support Threads](https://wordpress.org/support/plugin/wp-accessibility-helper/) * [Active Topics](https://wordpress.org/support/plugin/wp-accessibility-helper/active/) * [Unresolved Topics](https://wordpress.org/support/plugin/wp-accessibility-helper/unresolved/) * [Reviews](https://wordpress.org/support/plugin/wp-accessibility-helper/reviews/) * 3 replies * 2 participants * Last reply from: [Alex Volkov](https://wordpress.org/support/users/vol4ikman/) * Last activity: [6 years, 5 months ago](https://wordpress.org/support/topic/plugin-possible-compromised/#post-12237285) * Status: resolved