Is this an exploit or what?

  • I was reviewing my web stats and noticed 3 or 4 hits in the last 2 days from widgets.wordpress.com, although I can't find anywhere on that site where there is a link to my site.

    When I go to widgets.wordpress.com and view the page source, I see the following JavaScript code inside their source:

    <script type="text/javascript">
    function showNav(el) { el.getElementsByTagName('UL')[0].style.left='auto'; }
    function hideNav(el) { el.getElementsByTagName('UL')[0].style.left='-999em'; }
    function pressthis(step) {if (step == 1) {if(navigator.userAgent.indexOf('Safari') >= 0) {Q=getSelection();}else {if(window.getSelection)Q=window.getSelection().toString();else if(document.selection)Q=document.selection.createRange().text;else Q=document.getSelection().toString();}} else {location.href='http://domain.com/wp-admin/post-new.php?text='+encodeURIComponent(Q.toString())+'&amp;popupurl='+encodeURIComponent(location.href)+'&amp;popuptitle='+encodeURIComponent(document.title);}}
    </script>

    Why is there JavaScript in someone else's website trying to post in my admin section? I replaced my domain with “domain.com” in the location.href.

    Any help would be appreciated.

Viewing 3 replies - 1 through 3 (of 3 total)
  • Thread Starter serialboxhpc

    (@serialboxhpc)

    This is what I'm concerned about, and I don't know enough about JavaScript to know what's going on.

    {location.href='http://domain.com/wp-admin/post-new.php?text='+encodeURIComponent(Q.toString())+'&amp;popupurl='+encodeURIComponent(location.href)+'&amp;popuptitle='+encodeURIComponent(document.title)

    domain.com is replacing my actual domain.

    Thread Starter serialboxhpc

    (@serialboxhpc)

    Never mind… it's the wordpress.com header when I'm logged in to my API account. Sorry.

    Hey, don’t feel bad. Better to be safe than sorry; much better to ask and find out it’s benign, than to assume it is and find out otherwise later! No harm done. 🙂
