Title: aewing2021's Replies | WordPress.org

---

# aewing2021

  [  ](https://wordpress.org/support/users/aewing2021/)

 *   [Profile](https://wordpress.org/support/users/aewing2021/)
 *   [Topics Started](https://wordpress.org/support/users/aewing2021/topics/)
 *   [Replies Created](https://wordpress.org/support/users/aewing2021/replies/)
 *   [Reviews Written](https://wordpress.org/support/users/aewing2021/reviews/)
 *   [Topics Replied To](https://wordpress.org/support/users/aewing2021/replied-to/)
 *   [Engagements](https://wordpress.org/support/users/aewing2021/engagements/)
 *   [Favorites](https://wordpress.org/support/users/aewing2021/favorites/)

 Search replies:

## Forum Replies Created

Viewing 2 replies - 1 through 2 (of 2 total)

 *   Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/)
    In
   reply to: [[QuadMenu - Mega Menu] SECURITY ISSUE](https://wordpress.org/support/topic/security-issue-115/)
 *  Thread Starter [aewing2021](https://wordpress.org/support/users/aewing2021/)
 * (@aewing2021)
 * [5 years, 3 months ago](https://wordpress.org/support/topic/security-issue-115/#post-14091586)
 * Yes, this was the same hack [@valhard](https://wordpress.org/support/users/valhard/)–
   redirect malware. Our sites were hit between 12pm and 4pm UK time.
 * [@dougp2021](https://wordpress.org/support/users/dougp2021/) – do a backup restore
   before updating the plugin. If you don’t have one then do a fresh WP core install
   and check the uploads folder for wp-stream.php and _lcl file – ours were in the
   root oof the uploads folder. There was also an injection in the WP root index.
   php file.
 *   Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/)
    In
   reply to: [[QuadMenu - Mega Menu] SECURITY ISSUE](https://wordpress.org/support/topic/security-issue-115/)
 *  Thread Starter [aewing2021](https://wordpress.org/support/users/aewing2021/)
 * (@aewing2021)
 * [5 years, 3 months ago](https://wordpress.org/support/topic/security-issue-115/#post-14089402)
 * I can confirm that this related to patching to 2.07 version and that the issue
   is resolved with the latest update as far as we can see.
 * We had to do full back-up restores, although so far as we could see the injection
   was into the file structure as opposed to the database.
 * I would urge anyone to update all their sites running QuadMenu to 2.07 immediately.
   The security backdoor can still be exploited even if the plugin is installed 
   but deactivated.
 * A software update should suffice and mean no deactivation is necessary.
 * Hopefully, that helps anyone else reading this who has experienced this issue.
    -  This reply was modified 5 years, 3 months ago by [aewing2021](https://wordpress.org/support/users/aewing2021/).

Viewing 2 replies - 1 through 2 (of 2 total)