Malicious files detected in Brand New Plugin

  • We just purchased several licenses of XYZ Social Media, and wordfence has flagged the files to be malicious:

    Critical Problems:
    * File appears to be malicious: wp-content/plugins/xyz-wp-smap/admin/add-account.php
    * File appears to be malicious: wp-content/plugins/xyz-wp-smap/admin/manage-accounts.php
    * File appears to be malicious: wp-content/plugins/xyz-wp-smap/admin/xyz-wp-smap-key.php
    * File appears to be malicious: wp-content/plugins/xyz-wp-smap/api/pinterest.php

    All warnings include this: The text we found in this file that matches a known malicious file is: “ZXZhbC”. I also viewed the file itself, and it looks like a long string of garbage – I’ve never seen a file like this before.

    I’ve already scanned the site with sucuri, and it came out clean, however I don’t believe it scanned that specific plugin directory: https://sitecheck.sucuri.net

    Where can I go to determine whether or not we need to remove these immediately?

Viewing 1 replies (of 1 total)
Viewing 1 replies (of 1 total)
  • The topic ‘Malicious files detected in Brand New Plugin’ is closed to new replies.