Hello,
I have very limited skills w/ code and I was wondering if someone could give me some insight on this. I ran Exploit Scanner on my WP site and it found some 'suspicious' iframes and other code, and I'm not sure if it's TRULY malicious or if it's ok for it to be there. Below are the results...
<iframe
iframes can sometimes be used by hackers to load their own adverts and code on your site.
Found in the following file(s):
1.foo/wordpress/wp-admin/plugin-editor.php
ce'], 'plugin-activation-error_' . $file) ) { ?>
<iframe style="border:0" width="100%" height="70px" src="<?php bloginfo('wpurl'); ?>/wp-admin/plugins.php?action=error_scrape&plugin=<?php echo esc_attr($file); ?>&_wpnonce=<?php echo esc_attr($_GET['_error_nonce']); ?>"></iframe>
<?php } ?>
2.foo/wordpress/wp-admin/plugins.php
'], 'plugin-activation-error_' . $plugin) ) { ?>
<iframe style="border:0" width="100%" height="70px" src="<?php echo admin_url('plugins.php?action=error_scrape&plugin=' . esc_attr($plugin) . '&_wpnonce=' . esc_attr($_GET['_error_nonce'])); ?>"></iframe>
<?php
}
?>
</div>
<?php elseif (
3.foo/wordpress/wp-content/plugins/akismet/akismet.php
stats.php?blog={$blog}";
?>
<div class="wrap">
<iframe src="<?php echo $url; ?>" width="100%" height="100%" frameborder="0" id="akismet-stats-frame"></iframe>
</div>
<?php
}
function akismet_get_key() {
global $wpcom_api_key;
if ( !empty($wpcom_api_key) )
return $wpcom_api_key;
return get
4.foo/wordpress/wp-includes/js/jquery/jquery.form.dev.js
+ $.fn.ajaxSubmit.counter++;
var $io = $('<iframe id="' + id + '" name="' + id + '" />');
var io = $io[0];
var op8 = $.browser.opera && window.opera.version() < 9;
if ($.browser.msie || op8) io.src = 'javascript:false;document.write("");';
$io.css({ position:
5.foo/wordpress/wp-includes/js/jquery/jquery.form.js
d="jqFormIO"+$.fn.ajaxSubmit.counter++;var $io=$('<iframe id="'+id+'" name="'+id+'" />');var io=$io[0];var op8=$.browser.opera&&window.opera.version()<9;if($.browser.msie||op8){io.src='javascript:false;document.write("");'}$io.css({position:"absolute",top:"-1000px",left:"-1000px"});var xhr={response
6.foo/wordpress/wp-includes/js/scriptaculous/controls.js
{
new Insertion.After(this.update,
'<iframe id="' + this.update.id + '_iefix" '+
'style="display:none;position:absolute;filter:progid:DXImageTransform.Microsoft.Alpha(opacity=0);" ' +
'src="javascript:false;" frameborder="0" scrolling="no"></iframe>');
this.iefix =
7.foo/wordpress/wp-includes/js/thickbox/thickbox.js
select elements in ie6
jQuery("body").append("<iframe id='TB_HideSelect'></iframe><div id='TB_overlay'></div><div id='TB_window'></div>");
jQuery("#TB_overlay").click(tb_remove);
}
}else{//all others
if(document.getElementById("TB_overlay") === null){
jQuery("body").append("<div
--------------------------------------------------------------------------------
img src='" + tb_closeImage + "' /></div></div><iframe frameborder='0' hspace='0' src='"+urlNoQuery[0]+"' id='TB_iframeContent' name='TB_iframeContent"+Math.round(Math.random()*1000)+"' onload='tb_showIframe()' style='width:"+(ajaxContentW + 29)+"px;height:"+(ajaxContentH + 17)+"px;' > </iframe>"
--------------------------------------------------------------------------------
ay").unbind();
jQuery("#TB_window").append("<iframe frameborder='0' hspace='0' src='"+urlNoQuery[0]+"' id='TB_iframeContent' name='TB_iframeContent"+Math.round(Math.random()*1000)+"' onload='tb_showIframe()' style='width:"+(ajaxContentW + 29)+"px;height:"+(ajaxContentH + 17)+"px;'> </iframe>")
8.foo/wordpress/wp-includes/js/tinymce/plugins/paste/js/pasteword.js
sHTML = '';
// Create iframe
el.innerHTML = '<iframe id="iframe" src="javascript:\'\';" frameBorder="0" style="border: 1px solid gray"></iframe>';
ifr = document.getElementById('iframe');
doc = ifr.contentWindow.document;
// Force absolute CSS urls
css = [ed.baseURI.toAbsolute("themes/
9.wp-includes/js/tinymce/themes/advanced/js/about.js
f (tinyMCEPopup.getParam('docs_url')) {
html = '<iframe width="100%" height="300" src="' + tinyMCEPopup.editor.baseURI.toAbsolute(tinyMCEPopup.getParam('docs_url')) + '"></iframe>';
document.getElementById('iframecontainer').innerHTML = html;
document.getElementById('help_tab').style.display =
10.wp-content/plugins/akismet/akismet.php
stats.php?blog={$blog}";
?>
<div class="wrap">
<iframe src="<?php echo $url; ?>" width="100%" height="100%" frameborder="0" id="akismet-stats-frame"></iframe>
</div>
<?php
}
function akismet_get_key() {
global $wpcom_api_key;
if ( !empty($wpcom_api_key) )
return $wpcom_api_key;
return get
11.wp-content/plugins/akismet/akismet.php
stats.php?blog={$blog}";
?>
<div class="wrap">
<iframe src="<?php echo $url; ?>" width="100%" height="100%" frameborder="0" id="akismet-stats-frame"></iframe>
</div>
<?php
}
function akismet_get_key() {
global $wpcom_api_key;
if ( !empty($wpcom_api_key) )
return $wpcom_api_key;
return get
12./wp-content/plugins/google-sitemap-generator/sitemap-ui.php
>GetOption('i_hide_donors')!==true) { ?>
<iframe border="0" frameborder="0" scrolling="no" allowtransparency="yes" style="width:100%; height:80px;" src="<?php echo $this->sg->GetRedirectLink('sitemap-donorlist'); ?>">
<?php _e('List of the donors','sitemap'); ?>
</iframe><