Title: Old posts contain Javascript injections
Last modified: August 19, 2016

---

# Old posts contain Javascript injections

 *  [brigwyn](https://wordpress.org/support/users/brigwyn/)
 * (@brigwyn)
 * [16 years, 7 months ago](https://wordpress.org/support/topic/old-posts-contain-javascript-injections/)
 * Has anyone else noticed javascript injections in the HTML section of their old
   2.7x posts?
 * I was migrating the posts from an old version of WordPress 2.7x to a new clean
   2.8.4 installation using only a database transfer. 24 hours later my site was
   shut down due and reporting several script and database related calls.
 * After manually looking into the HTML of each post, I noticed strange javascript
   code. (The javascript is pretty long so i hesitate to post it here. I say strange
   because it contained calls and redirects to unfamiliar sites.
 * Any suggestions on cleaning up a massive amount of posts (appx 1,500) without
   having to manually go through and edit each one individually?
 * Footnote:
    1. I have manually deleted all unused or old folders and files. 2.
   I have confirmed that my security settings are correct with my host’s security
   team.

Viewing 4 replies - 1 through 4 (of 4 total)

 *  [Samuel B](https://wordpress.org/support/users/samboll/)
 * (@samboll)
 * [16 years, 7 months ago](https://wordpress.org/support/topic/old-posts-contain-javascript-injections/#post-1244258)
 * [http://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/](http://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/)
 *  Thread Starter [brigwyn](https://wordpress.org/support/users/brigwyn/)
 * (@brigwyn)
 * [16 years, 7 months ago](https://wordpress.org/support/topic/old-posts-contain-javascript-injections/#post-1244263)
 * [@samboll](https://wordpress.org/support/users/samboll/)
    I appreciate the link
   but that isn’t the issue in this case.
 * The issue is with the individual posts themselves contained in the wp_posts table.
   To be more specific the post_content column for each record within the wp_posts
   table.
 * As stated in the post the new installation is clean, meaning brand new.
 * Also as stated in my original post I deleted all of the old files and folders.
   This includes WP related ones. There is none of the old 2.7x content, files, 
   themes or images on the files themselves.
 * I’m thinking it is best to export the wp_posts table and manually edit but I 
   was hoping for any other suggestions. Since that would be pretty intensive.
 * UPDATE: Original vulnerability might be related to using FireFox and the Browser
   Highlighter plug-in.
 * Thanks again.
 *  [Samuel B](https://wordpress.org/support/users/samboll/)
 * (@samboll)
 * [16 years, 7 months ago](https://wordpress.org/support/topic/old-posts-contain-javascript-injections/#post-1244281)
 * in the link I gave, section 8 shows you how to clean the posts
 * > UPDATE: Original vulnerability might be related to using FireFox and the Browser
   > Highlighter plug-in.
 * what draws you to this conclusion?
 *  Thread Starter [brigwyn](https://wordpress.org/support/users/brigwyn/)
 * (@brigwyn)
 * [16 years, 7 months ago](https://wordpress.org/support/topic/old-posts-contain-javascript-injections/#post-1244298)
 * [@samboll](https://wordpress.org/support/users/samboll/)
 * It was suggested as a possiblity by a fellow wordpress blogger. So I did some
   searching and came accross this post:
    `http://stackoverflow.com/questions/826191/
   strange-elements-appearing-in-javascript-rich-text-editors`
 * In the article it described the initial code I found in my new posts:
    `<input
   type="hidden" id="gwProxy" /><!--Session data--><input type="hidden" id="jsProxy"/
   ><div id="refHTML">&nbsp;</div>`
 * I had noticed this but thought it was related to a plug-in until this was brought
   to my attention is a 100% match. So I’m guessing this proxy code opens up a vulnerability
   that could be used for something else including possibly injecting some other
   malicious code.
 * Just a thought anyways, but seems to make sense to me.
 * And for the cleaning up posts. Thank, I’ll re-read the article closer this time.
 * All your help is much appreciated.

Viewing 4 replies - 1 through 4 (of 4 total)

The topic ‘Old posts contain Javascript injections’ is closed to new replies.

## Tags

 * [javascript](https://wordpress.org/support/topic-tag/javascript/)
 * [upgrades](https://wordpress.org/support/topic-tag/upgrades/)

 * In: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/)
 * 4 replies
 * 2 participants
 * Last reply from: [brigwyn](https://wordpress.org/support/users/brigwyn/)
 * Last activity: [16 years, 7 months ago](https://wordpress.org/support/topic/old-posts-contain-javascript-injections/#post-1244298)
 * Status: not resolved

## Topics

### Topics with no replies

### Non-support topics

### Resolved topics

### Unresolved topics

### All topics