Philadelphia cheese recipe.Claim Your Free 999 Pesos Bonus Today

Resolved Salvatore
(@mistyanet)

1 year, 10 months ago

Hallo there,

We run the latest version of your plugin on our WooCommerce, we do our best to use always the latest version.

In the last few weeks we have started to receive reports from our users. They informed us that their antivirus software was reporting our site as infected.

Indeed, we found that in some cases there was external javascript on our site. As visible in this screenshot https://shottr.cc/s/Wu21/SCR-20230109-nxw.png

After lengthy analysis, we discovered that this javascript is injected by your plugin, via the option “iubenda_cookie_law_solution” which has somehow been overwritten with an eval

https://shottr.cc/s/WzDz/SCR-20230109-nu0.png

Cleaning up the “iubenda_cookie_law_solution” option the malicious javascript disappeared. Was it an old vulnerability? Is it safe to reactivate the plugin?

Viewing 1 replies (of 1 total)

Plugin Author iubenda
(@iubenda)

1 year, 10 months ago
Hi Salvatore,

Thank you for your detailed report!

Regarding the reports received by your users, we can assure you that if you’re using any version greater than 3.3.3 your website is safe. Please note that you may also encounter recent notices saying that more recent versions of our plugin still has a security vulnerability, but they are just incorrect statements.

For reference, you can find here a previous question about this topic: https://www.ads-software.com/support/topic/security-vulnerability-and-versions/#post-16339942

In particular, the links with the vulnerability reporting a wrong version were:
1. https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/iubenda-cookie-law-solution/iubenda-357-reflected-cross-site-scripting
2. https://patchstack.com/database/vulnerability/iubenda-cookie-law-solution/wordpress-iubenda-plugin-3-5-7-reflected-xss-vulnerability
As you can note, they deleted them, and the URL are not reachable.

As said, the iubenda plugin had a vulnerability prior to v3.3.3, that has been fixed with version 3.3.3 (or higher) but we can’t confirm that your specific injection was caused by the previous vulnerability.

In any case, we recommend:
- To review all the registered users with admin privilege/access on your website;
- To clean plugin data/storage, you can click on “Plugin settings” (https://prnt.sc/Il3wwMKKDM7w), select “delete all plugin data upon deactivation” (https://prnt.sc/jPPrEbu6IPaD), then go back to the Plugins page (https://prnt.sc/MpwE8xTfY -Za )?and disable our plugin;
- Update our plugin to the latest version and reconfigure it;
Hope this helps!

Viewing 1 replies (of 1 total)

The topic ‘Malicious Javascript Injection’ is closed to new replies.

Tags