Malicious eval() is being inserted into the wp_options table, in the option_name: social_wafare_settings, in the Twitter field. When the plugin is active, it causes the site to issue a JavaScript redirect to porn sites. Deactivating the plugin disables the redirect, but the malicious eval() is still in the database. The plugin has been pulled from the WordPress repository. https://wordpress.org/support/topic/malware-into-new-update/ So far we have seen this exploited on live sites running 3.5.1 and 3.5.2.
BYPASS
Andrew Wilder
No
2019-03-21 (about 3 years ago)
2019-03-21 (about 3 years ago)
2020-09-22 (about 2 years ago)