My hosting provider (WebFactional - ) has notified me of a number of security issues with my Wordpress based website which is using the twentyfourteen theme.
3 of the 5 effected files are part of the twentyfourteen theme:
wp-content/themes/twentyfourteen/images/file.php
wp-content/themes/twentyfourteen/404.php
wp-content/themes/twentyfourteen/css/test77.php
All of these files seem to contain PHP's eval() function on one or more occasion, the 404 page even passes POST data to eval() ! "eval($_POST['p1']);" That sounds like the worst possible idea anyone could have had? Surly that means an attacker can pass malicious PHP code in POST data and have it execute on my website!
Can you please investigate these 3 files and the security risks my hosting provider has identified and provide me with an update as to how I can patch these issues.
Kind regards,
HARVS1789UK