• Hello,

    One of my clients has a site with the latest version of WordPress and all updated plugins.
    But it uses a heavily customized tagDiv Plugin, Newspaper theme, which is a somewhat old version. Due to heavy customization, the theme can’t be updated.

    For safety, the site is also protected by Wordfence with auto-update.

    A few days ago, the browser started to complain about virus JS on the site!
    When I ran the scan multiple times, Wordfence found nothing!
    Then Sucuri SiteCheck pointed out the virus JS in the page.

    Upon searching, I found this URL about the virus script details –
    https://blog.sucuri.net/2023/10/balada-injector-targets-unpatched-tagdiv-plugin-newspaper-theme-wordpress-admins.html

    I found this issue –

    Remove the initial injection, which can be found in the “td_live_css_local_storage” option in the wp_options table.

    and also blocked – /wp-json/tdw/save_css

    Please update your scanner to detect such issues in the DB also.

    Thanks and regards

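The two checks described in the post above, as an added example that is not part of the original thread or of Wordfence's or Sucuri's tooling: it reviews access-log lines for requests to `/wp-json/tdw/save_css` that the server still answered, and flags non-CSS markup in an exported `td_live_css_local_storage` value. The log lines, option values, function names and the indicator pattern are constructed assumptions; the `?rest_route=` form is WordPress's standard alternative REST path, included so that a review of the block covers both forms.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Endpoint is the one named in the post above; REST_ROUTE is its route part.
ENDPOINT = "/wp-json/tdw/save_css"
REST_ROUTE = "/tdw/save_css"
# Assumption: a stored-CSS option should never contain HTML or script markup.
NON_CSS = re.compile(r"<\s*/?\s*(?:script|style|iframe)\b|javascript:|fromCharCode|\beval\s*\(", re.I)
# Combined Log Format: ip ident user [time] "METHOD target PROTO" status ...
LOG_LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3}) ')

# Constructed sample data (documentation IP ranges, made-up timestamps).
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Oct/2023:04:12:01 +0000] "POST /wp-json/tdw/save_css HTTP/1.1" 200 31 "-" "-"',
    '203.0.113.7 - - [12/Oct/2023:09:30:44 +0000] "POST /wp-json/tdw/save_css HTTP/1.1" 403 199 "-" "-"',
    '198.51.100.9 - - [12/Oct/2023:09:31:02 +0000] "POST /?rest_route=/tdw/save_css HTTP/1.1" 200 31 "-" "-"',
    '192.0.2.4 - - [12/Oct/2023:09:32:10 +0000] "GET /wp-json/wp/v2/posts HTTP/1.1" 200 5120 "-" "-"',
]
SAMPLE_CLEAN = ".td-x{color:red;background:url(img.png)}"
SAMPLE_INJECTED = '.td-x{color:red}</style><script src="//example.invalid/a.js"></script>'


def hits_endpoint(target):
    """True if a request target reaches the endpoint, by pretty path or ?rest_route=."""
    parts = urlsplit(target)
    path = re.sub(r"/+", "/", parts.path).rstrip("/").lower()
    if path.endswith(ENDPOINT):
        return True
    # parse_qs percent-decodes the value, so encoded slashes are handled too.
    routes = parse_qs(parts.query).get("rest_route", [])
    return any(r.rstrip("/").lower() == REST_ROUTE for r in routes)


def review_access_log(lines):
    """Return (time, ip, method, status) for endpoint requests that were not refused."""
    served = []
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue
        ip, when, method, target, status = m.groups()
        if hits_endpoint(target) and not status.startswith(("4", "5")):
            served.append((when, ip, method, int(status)))
    return served


def option_indicators(value):
    """Return the distinct non-CSS fragments found in a stored option value."""
    return sorted({m.group(0).lower() for m in NON_CSS.finditer(value or "")})
```

Any row returned by `review_access_log` dated after the block was put in place means the rule does not cover that request form; a non-empty result from `option_indicators` means the option value needs cleaning.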

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Support wfpeter

    (@wfpeter)

    Hi @ayandebnath, thanks for making us aware of this.

    It looks like the update you requested above has now been actioned by our Threat Intelligence team after seeing your post. Although we work hard to research vulnerabilities and keep up with the research of other organizations, sometimes a rule may need tweaking or packaging of the original issue can change over time.

    If you ever notice something that Wordfence isn’t picking up, by all means send files or observations to samples @ wordfence . com so our team can check it out.

    Many thanks,
    Peter.

    Thread Starter ayandebnath

    (@ayandebnath)

    Happy to help you.
    Thanks for your hard work to keep our sites safe 🙂
