Plugin Redirecting to Weird Sites

Floriante
(@floriante)

8 months ago

I dont know why but your plugin is redirecting any visitor to my site to some weird sites. Whats going on? Is this a virus? Or a bug? OR whatever? Might it infect my website?

Viewing 7 replies - 1 through 7 (of 7 total)

(@krzxsiek)

I have the same problem 🙁 Delete this plugin and find
<script language=javascript>eval(String.fromCharCode(
in mySQL and everything will be fine 😉

Delete all caches after.

This reply was modified 8 months ago by krzxsiek.

rdrit

(@rdrit)

8 months ago

Hello,

Here is an alternative to put in function.php

function get_rdr_related_post($post_id){
    $tags = wp_get_post_tags($post_id);
    if ($tags) {
        
        //$first_tag = $tags[0]->term_id;
        $tag_ids = array();	
        foreach($tags as $individual_tag){
            $tag_ids[] = $individual_tag->term_id;
        } 

        $args=array(
            'tag__in' => $tag_ids,
            'post__not_in'      => array($post_id),
            'posts_per_page'    =>3,
            'caller_get_posts'  =>1,
            'meta_key'          => '_thumbnail_id',
            'orderby'           => 'rand',
        );
        $my_query = new WP_Query($args);
        if( $my_query->have_posts() ) {
            while ($my_query->have_posts()) : $my_query->the_post(); ?>
            <div class="col">
                <a href="<?php echo esc_url( get_permalink() ); ?>">
                    <?php the_post_thumbnail('medium', array('class' => 'rdrit-home-thumbnail-max200') ); ?>
                </a>
                <a href="<?php the_permalink() ?>" rel="bookmark" title="Permanent Link to <?php the_title_attribute(); ?>"><?php the_title(); ?></a>
            </div>
            <?php
            endwhile;
        }
        wp_reset_query();
    }
}

maryisdead

(@mawe)

8 months ago

Same issue. People, uninstall, this plug-in has been compromised.

Check the wp_options table:

-- Show "infected" rows
SELECT * FROM wp_options  WHERE option_value LIKE '%eval(String.fromCharCode%';

-- Delete rows
DELETE FROM wp_options  WHERE option_value LIKE '%eval(String.fromCharCode%';

-- Delete all data related to the plug-in
DELETE FROM wp_options  WHERE option_name LIKE '%yuzo%';

This reply was modified 8 months ago by maryisdead. Reason: Code formatting

Floriante

(@floriante)

8 months ago

mary might this plugin EDIT or ALTER any other php or post database in my system?

maryisdead

(@mawe)

8 months ago

@floriante See my reply to the other thread where you replied. In short: I don’t think so but don’t take my word for it.

Floriante

(@floriante)

8 months ago

Shakaren i removed rows with:

— Delete rows
DELETE FROM wp_options WHERE option_value LIKE ‘%eval(String.fromCharCode%’;
— Delete all data related to the plug-in
DELETE FROM wp_options WHERE option_name LIKE ‘%yuzo%’;

and i also uninstalled the plugin. I checked the files and no difference.

Might this hack change other sections of the databae? shall i restore the older db?

Plugin Author