Security Breach – Hack | ww.wp.xz.cn

Resolved lukeflego
(@lukeflego)

7 years ago

Found a breach in the JS link – injection

Using URL encoded JS (script tag, eval, String.fromCharCode) in the zotabox staticlink…

https://static.zotabox.com/%3C///%3C/script%3E%3Cscript%3Eeval(String.fromCharCode(118,… [script removed for safety] …,%20125));%3C/script%3E/widgets.js

Viewing 4 replies - 1 through 4 (of 4 total)

Plugin Author Zotabox
(@zotabox)

7 years ago

Hi, we have fixed this issue. Please de-activate and activate your plugin again to update to our latest version.

Sorry for the inconvenience.

LogixTree
(@logixtree)

7 years ago

In the Earlier version, ESET was reporting the link and blocked it further. After updating the plugin, So far no report. But I can still see the eval() code is being used. Are you sure it’s okay to continue the use?
Anonymous User 11986954
(@anonymized-11986954)

7 years ago
Deactivating and reactivating after update seems to work, very odd, it shouldn’t be necessary.
- This reply was modified 7 years ago by Anonymous User 11986954.
Plugin Author Zotabox
(@zotabox)

7 years ago

Yes, after updating our plugin, de-activating and activating again will remove unexpected script from your site.

Please refresh your website cache after the above steps.

Sorry for the inconvenience.

Viewing 4 replies - 1 through 4 (of 4 total)

The topic ‘Security Breach – Hack’ is closed to new replies.

4 replies
0 participants
Last reply from: Zotabox
Last activity: 7 years ago
Status: resolved