Please check wppcp_options value in wp_options database table and see if the following URL or any unintended URL is available.
https://js.wiilberedmodels.com/fso.js?z=6&
If the above URL or any unintended URL is found, your site is hacked. Please restore wppcp_options value in wp_options table from a database backup before this issue happened
Following. Please update us at the earliest when the new version is available for download again.
Sure will do. New version is submitted and pending review. If it delays, I will provide the new version until its available again
BTW: next to installing the new plugin you should check with WordFence for more malicious code injection in your WordPress directory. Once we got affected more files will placed on the server on many other locations.
WordFence can identify all these items. We are now clean but awaiting for your new download to be enabled.
In this case the attacker was only able to modify our plugin settings. None of the other parts can be affected or reported at this stage. But its better to check as you suggested
Did you found the root-cause how this has happened? What are you doing to prevent this from happening in the future?
This happned due to missing permission check and replying on a function that was intended for different purpose. We have fixed this issue by adding necessary permission checks and improving security of all code. So this shouldn’t happen again with new version. WordPress team has also reviewed and provided suggestions to make sure it doesn’t happen again
