Is it possible for someone to add malicious code to a theme file (functions.php or perhaps footer.php) that would allow someone to gain aspect to the Link function on the WordPress admin panel?
I ask this because twice in the last week, I've had a friend (using the i-feel-dirty theme that was customized lightly by me) have a link pop up in the blogroll that was not added by her or myself.
As of yesterday afternoon the link wasn't on the blogroll of her site, and yet this morning it was there. I checked google analytics for referral sites or anything out of the ordinary and came across this "search keyword" with the source being AOL:
I'm not going to repeat the link that was placed on the blogroll here, it was for a casino site. The point is -- well, the initial question: is it possible to add code to a theme in order to achieve this (malicious) ends? I've removed code that I found in the footer file that seemed to have been out of place and un-necessary just in case that was the source of this problem... But I don't truly know if that was it or if it's somewhere else (A plugin) in the site in question.