To users:
Don’t use this plugin!
My website was infected by a virus that redirected to .top websites (space-robot), a known malicious ad virus that prompts you to allow notifications and opens to ads. (I then realized that probably found it’s way via header permissions and redirected to this .top page)
I kept backups, deleted all plugins, reinstalled core WordPress, and changed all username and passwords. The virus was still there.
Sucuri scan kept finding it hacked.
In the plugins list in admin panel of WordPress there was no visible plugin as WP-code, or anything else.
I searched in plugins ‘add new’ directory, and WP-code was active, but no ‘disable’ or ‘uninstall’ button was available (like this plugin was hidden in some way)!
So how you delete this thing?
Checking the files via ftp client, there was a folder in plugins ‘insert header and footer’. After deleting this folder, WP-code plugin was not installed anymore in my system, and the virus was gone. Sucuri scan finally found my website clean, after 2 months that I’m trying to clean it in several ways.
Only when I deleted this folder from plugins, my website was clean again and running as it should.
To developers: I understand all the excuses you might use to answer to all those people who are telling you that your plugin was compromised, but seriously, fix it!! 
HOpe you are doing well 
I have 2 websites in my company which are infected with an URL:MAL
No error shows up on the website but when I visit with the free version of avast, adblock pops up with this error:
“We cancel the connexion to tags.stickloader.info because this element was infected by URL:Mal”
Websites are:
serre-acd.ch
and
numeractive.ch
Do you have any idea from where this comes from ?
I am using wordpress with latest version
Thanks a lot,
Florian
Our Bitdefender Antivirus is reporting that this plugins is infected. Please review
unfortunately my site is still in a bad state, although I have updated the plugin and have also run a malware scanner over it. It still reminds me that the source code is infected and that it is due to Royal Addons.
I have bought your licence and would like you to help me as it is your responsibility and I am taking a big risk with you if my database is constantly under attack.
The Search Console also shows me that thousands of pages are not being indexed. However, I only have around 20-40 pages. How can this be rectified without too much effort?
]]>Sep 19 2023 18:03:47 – /blog/wp-includes/Text/Diff/Engine/native.php: INFECTED
Sep 19 2023 18:03:47 – /blog/wp-includes/Text/Diff/Engine/shell.php: INFECTED
Sep 19 2023 18:03:47 – /blog/wp-includes/Text/Diff/Engine/string.php: OK
Sep 19 2023 18:03:47 – /blog/wp-includes/Text/Diff/Renderer/inline.php: OK
Sep 19 2023 18:03:47 – /blog/wp-includes/Text/Diff.php: INFECTED
]]>I have two sites that have been knocked completely off-line, the one mentioned and That’s Good Enough For Me.
Bluehost ran a scan for me, indicating 7 infected files, all of which are some 500.php file.
/home2/twdcstud/public_html/glossolalia/500.php: SL-PHP-EVAL_REQUEST-axog.UNOFFICIAL FOUND
/home2/twdcstud/public_html/500.php: SL-PHP-EVAL_REQUEST-axog.UNOFFICIAL FOUND
/home2/twdcstud/public_html/test/500.php: SL-PHP-EVAL_REQUEST-axog.UNOFFICIAL FOUND
/home2/twdcstud/public_html/tbd/500.php: SL-PHP-EVAL_REQUEST-axog.UNOFFICIAL FOUND
/home2/twdcstud/public_html/co-op/500.php: SL-PHP-EVAL_REQUEST-axog.UNOFFICIAL FOUND
/home2/twdcstud/public_html/comics/500.php: SL-PHP-EVAL_REQUEST-axog.UNOFFICIAL FOUND
/home2/twdcstud/public_html/co-op-forum/500.php: SL-PHP-EVAL_REQUEST-axog.UNOFFICIAL FOUND ----------- SCAN SUMMARY -----------
Known viruses: 2263445
Engine version: devel-clamav-0.99-beta1-632-g8a582c7
Scanned directories: 12535
Scanned files: 188378
Infected files: 7
Data scanned: 8604.30 MB
Data read: 16902.96 MB (ratio 0.51:1)
Time: 9355.212 sec (155 m 55 s) ----------- SCAN SUMMARY -----------
Known viruses: 2263445
Engine version: devel-clamav-0.99-beta1-632-g8a582c7
Scanned directories: 0
Scanned files: 0
Infected files: 0
Data scanned: 0.00 MB
Data read: 0.00 MB (ratio 0.00:1)
Time: 9.061 sec (0 m 9 s) ----------- SCAN SUMMARY -----------
Known viruses: 2263445
Engine version: devel-clamav-0.99-beta1-632-g8a582c7
Scanned directories: 0
Scanned files: 570
Infected files: 0
Data scanned: 0.00 MB
Data read: 0.00 MB (ratio 0.00:1)
Time: 11.584 sec (0 m 11 s)
Each of those 500.php files have the same content:
<!-- PHP Wrapper - 500 Server Error -->
<html><head><title>500 Server Error</title></head>
<body bgcolor=white>
<h1>500 Server Error</h1>
A misconfiguration on the server caused a hiccup.
Check the server logs, fix the problem, then try again.
<hr>
<?
echo "URL: https://$_SERVER[HTTP_HOST]$_SERVER[REQUEST_URI]<br>\n";
$fixer = "checksuexec ".escapeshellarg($_SERVER[DOCUMENT_ROOT].$_SERVER[REQUEST_URI]);
echo $fixer;
?>
</body></html>I’ve read through the FAQ My site was hacked page, but am still a bit unclear on how to proceed.
Do I delete these 500.php files?
Any help or advice is greatly appreciated.
google-site-verification meta tags has been added to all pages granting owner access to my Search engine console panel.
]]>I have 44 posts in my website. However when I click the “Posts/Re-Order” in the WP Back end, I see the list of my posts, but I see ten or fifteen post names which are not actually irrelevant. They are in English and the titles are about “binary options”… My website is a health website and I didn’t write those posts. Actually when I click to “Posts”, Those posts are not among the posts… But when I click “Re-Order”, I see those irrelevant posts. Is the plugin infected or my site infected? If my site is infected, why don’t I see such posts in my back end Posts list, but only in the “Re-Order” list?
Thanks. ]]>