WordPress.org

Ready to get started?Download WordPress

Forums

link injection in WP 2.8.4 (2 posts)

  1. subiectiv
    Member
    Posted 4 years ago #

    Hey,

    Though I strongly believed there's no way someone could hack into my hosting account, it occurred to me (actually, some guy sent me an e-mail) that there might be a vulnerability in WP 2.8.4.
    Though I checked out each and every single file of my template and plugins, I've found no problem. I usually set cue permissions so no one could actually break into my template and deface it.
    Anyway, if I couldn't find anything regarding the tons of links that could be viewed from in "page source", I checked out the SQL database. I thought it might have been some SQL injection. None whatsoever.
    I had to reinstall WP. And because I was in a hurry (and I'm not a coder), I didn't got to look in the WP core files.
    Still, knowing that I had a new HTML file code inserted into my page source, starting with the HTML tag, continued by the BODY tag, and noticing that was posted right after the footer ending, I believe the problem is somewhere in the files that create the wp_footer function/action.
    I had a similar link injection problem before, and generally speaking, the link injection usually appears before your HTML code, not after. It's usually inserted in the HEAD area or below.

    Have any ideas? Could anyone check it out?
    Thanks

  2. That's remarkably vague.

    Sure, there MIGHT be a vulnerability in WP, and I'm sure the usual suspects are paying attention to legit threats but. "A dude emailed me to tell me there might be a hack" is a crank-file email. It's to be discarded. It's not a real threat, and it's far too vague to even consider.

    If you think your site IS hacked, toss us a link and maybe someone here can spot it. But otherwise, there are no reported hacks with WP 2.8.4 at this time.

Topic Closed

This topic has been closed to new replies.

About this Topic

Tags

No tags yet.