I understand. The strange thing though is that we have bought the theme from SwiftIdeas on Themeforest. They are premium template designers, I cannot image them using nulled scripts.
I only installed plugins from the official WordPress website and still we got affected by this exploit.
We have now shut down out complete server and are in the progress of deploying WordPress on another one. We will try to figure out by trial and error which plugin installed this malware.
Do you have any clues on what the malware caused on your servers? It looks like all user accounts were compromised and a backdoor onto our server was made. Any idea of this what they were after?
Dear all,
I ran into the same issue and I am wondering if you guys have already figured out which plugins have caused this issue. I don’t seem to have installed any suspicious ones..
We have solved the issue by removing the social.png file and the reference from the functions.php file. It now is gone, but as far as we can see this is a pretty serious exploit.
It is probable that all admin passwords and db user passwords have been compromised as well as visitor data, so this is quite serious.
