Simplelender hacks? | WordPress.org

gvenditto
(@gvenditto)

3 years, 2 months ago

Simplelender was just installed on my site without my knowledge. I don’t know how the hack occurred – I’m investigating whether another plug-in was hacked and it was inserted through their zip files.

In the meantime, I’m posting this as an alert that someone is trying to add the plug-in to other sites, probably to fake affiliate references.

Initially, the plug-in could not be de-activated because it gave an error message that the premium version needed to be removed first. There was no premium version.

I have removed the files from the server and that appears to have removed the plugin but I’m still researching to learn how it got in

Viewing 3 replies - 1 through 3 (of 3 total)

David Waumsley
(@waumsley)

3 years, 2 months ago

Exactly the same situation here. I don’t know how I got it and I can only remove it via FTP.

Thread Starter gvenditto
(@gvenditto)

3 years, 2 months ago

David:

Did you ever have install the GravityForms plugin? The only evidence of simplelender in my site after I deleted simplelender’s files and folders was found in the database tables of GravityForms. I had de-activated GravityForms a few hours before the simplelender attack took place.

I found it by scanning all of my database tables looking for simplelender and there it was in a GravityForms table.

I used WP-Optimize to remove that table along with every other table left by Gravityforms and simplelender.

gravitystack
(@gravitystack)

3 years, 1 month ago

I just noticed the plugin installed on my site. I just installed the zapier addon for GravityForms.

Viewing 3 replies - 1 through 3 (of 3 total)

The topic ‘Simplelender hacks?’ is closed to new replies.

In: Plugins
3 replies
3 participants
Last reply from: gravitystack
Last activity: 3 years, 1 month ago
Status: not resolved