Just got a clients site hit myself.
Was pretty up-to-date with everything, they seem to be hammering this exploit.
I think I’ve found the exploit the Skiddies are hammering:
https://www.exploit-db.com/exploits/41224/
Turns out the plugin had to be reactivated.
I also suggest adding debug logging to the slt_cf_init_fields() function of slt-cf-init.php, as it currently silently strips out boxes/fields it doesn’t like.
Some more research has lead to to discover that the following WP hooks aren’t firing:
show_user_profile
edit_user_profile
Any ideas?
