Wordfence Failed to Detect Infection
-
Hello,
One of my client has a site with latest version of WordPress and all updated plugins.
But it uses a heavily customized tagDiv Plugin, Newspaper theme which is a bit old version. Due to heavy customization, the theme can’t be updated.For safety, the site is also protected by Wordfence with auto-update.
Few days ago, browser started to complain about Virus JS in the site!
When I ran the scan multiple times, Wordfence found nothing!
Then the Sucuri SiteCheck pointed out the Virus JS in the page.Upon searching, I found this URL about the virus script details –
https://blog.sucuri.net/2023/10/balada-injector-targets-unpatched-tagdiv-plugin-newspaper-theme-wordpress-admins.htmlI found this issue –
Remove the initial injection, which can be found in the “td_live_css_local_storage” option in the wp_options table.
and also blocked – /wp-json/tdw/save_css
Pls update your scanner to detect such issue in the DB also.
Thanks and regards
The page I need help with: [log in to see the link]
- You must be logged in to reply to this topic.