Title: [Priority] Possible WordPress Vulnerability
Last modified: August 21, 2016

---

# [Priority] Possible WordPress Vulnerability

 *  [sergio_101](https://wordpress.org/support/users/sergio_101/)
 * (@sergio_101)
 * [11 years, 11 months ago](https://wordpress.org/support/topic/priority-possible-wordpress-vulnerability/)
 * I am trying to track down what appears to be a pretty widespread and serious 
   vulnerability in either WordPress or a configuration of WordPress.
 * For the second time in just a few months, I have had blocks of HTML injected 
   into posts on my site. See [fn:1] for the exact text of what is being inserted.
 * This installation is currently running WordPress 3.9, which, although it is not
   the most current (the current version is 3.9.1), is still very much current.
 * The database server has the user accessing the database set to localhost only.
 * The most curious thing is, if you Google any of these links as plain text, there
   is an abundance of pages linking to these pages. Each of the Google hits on these
   is a WordPress site that seems to have suffered the same attack.
 * Looking at other sites subject to the same attack, it appears that the blocks
   injected into the sites are very similar.
 * The first time I ran across this, I found that a new user had been generated 
   in WordPress, and that each of the edits was attributed to that user. In this
   most recent case, this has not happened.
 * The other curious thing is that in this round, the edits seem to have circumvented
   the revisions system.
 * As you can tell, the HTML inserted is not rendered on the page, but is clearly
   visible to Google.
 * Let me know if anyone has any ideas.
 * * Footnotes
 * [fn:1]

Viewing 2 replies - 1 through 2 (of 2 total)
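The block reported in the post above is wrapped in a `div` styled `position:absolute; left:-3535px; top:-3231px;` inside a `[blog title="…"]` shortcode attribute, which is why it never renders for visitors but is still read by crawlers. The following is an added example, not code from the thread or from WordPress: a scanner that flags external links nested inside such off-screen containers in exported post content. The function names, the `(post_id, post_content)` row shape, and all hosts in the sample are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Negative left/top offset of 100px or more (only px units are matched here).
OFFSCREEN = re.compile(r"(?:left|top):-\d{3,}(?:\.\d+)?px")
VOID = {"br", "img", "hr", "input", "meta", "link"}  # tags with no closing tag

class HiddenLinkFinder(HTMLParser):
    """Collect external links nested inside off-screen positioned elements."""

    def __init__(self, site_host):
        super().__init__()
        self.site_host = site_host
        self.stack = []  # (tag, is_offscreen_container) for each open element
        self.hits = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        style = (attrs.get("style") or "").replace(" ", "").lower()
        hidden = "position:absolute" in style and bool(OFFSCREEN.search(style))
        if tag == "a" and any(h for _, h in self.stack):
            host = urlparse(attrs.get("href") or "").netloc.lower()
            if host and host != self.site_host:  # relative/same-site links pass
                self.hits.append(attrs["href"])
        if tag not in VOID:
            self.stack.append((tag, hidden))

    def handle_endtag(self, tag):
        # Pop back to the matching open tag; tolerates unclosed children.
        for i in range(len(self.stack) - 1, -1, -1):
            if self.stack[i][0] == tag:
                del self.stack[i:]
                break

def scan_posts(posts, site_host):
    """posts: iterable of (post_id, post_content). Returns {post_id: [urls]}."""
    findings = {}
    for post_id, content in posts:
        finder = HiddenLinkFinder(site_host)
        finder.feed(content)
        finder.close()
        if finder.hits:
            findings[post_id] = finder.hits
    return findings

# Constructed sample rows (not real data); every host is a placeholder.
SAMPLE_POSTS = [
    (101, '<p>See our <a href="https://example.org/about">about page</a>.</p>'),
    (102, '[blog title="From <div style="position:absolute; left:-3535px; top:-3231px;">'
          'words <a href="http://spam.example.net/a.html">x</a> <a href="/internal">y</a>'
          '</div> Our Blog" item="6"] <a href="http://other.example.com/">visible</a>'),
    (103, '<div style="position:absolute; left:10px;"><a href="http://p.example.com/">p</a></div>'),
]
```

Run it over rows exported from the posts table; visible external links and normally positioned containers are not reported, so hits are worth reviewing by hand.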

 *  Moderator [James Huff](https://wordpress.org/support/users/macmanx/)
 * (@macmanx)
 * [11 years, 11 months ago](https://wordpress.org/support/topic/priority-possible-wordpress-vulnerability/#post-5085741)
 * It’s more than likely a corrupt theme or plugin adding these.
 * Remain calm and carefully follow [this guide](http://codex.wordpress.org/FAQ_My_site_was_hacked).
   When you’re done, you may want to implement some (if not all) of [the recommended security measures](http://codex.wordpress.org/Hardening_WordPress).
 *  [scotthaslinger](https://wordpress.org/support/users/scotthaslinger/)
 * (@scotthaslinger)
 * [11 years, 10 months ago](https://wordpress.org/support/topic/priority-possible-wordpress-vulnerability/#post-5086068)
 * Sergio,
 * My company is on that list and it has been a nightmare trying to resolve this
   issue for me as well. Here is what you need to do. Go to [https://www.google.com/webmasters/tools/home?hl=en](https://www.google.com/webmasters/tools/home?hl=en)
   and set up an account for your website if you do not already have one. Open your account,
   click on Google Index, click on Remove URL’s, click on Create a new removal request,
   and you will have to delete every fake URL that points to your site. This is 
   obviously after you remove the bug from your site.
 * Scott.


The topic ‘[Priority] Possible WordPress Vulnerability’ is closed to new replies.

 * In: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/)
 * 2 replies
 * 3 participants
 * Last reply from: [scotthaslinger](https://wordpress.org/support/users/scotthaslinger/)
 * Last activity: [11 years, 10 months ago](https://wordpress.org/support/topic/priority-possible-wordpress-vulnerability/#post-5086068)
 * Status: not resolved

