• Resolved René Deutscher

    (@renedeutscher)


    Today I found out that the Bold Builder plug-in was infected by malware.
    My website always tried to redirect me to various sites like "getasharedlink" ….

    I deactivated BOLD BUILDER and everything was clear.

    The logfiles (Security Suite in WordPress) didn't show any failed login attempts, so I guess the malware script was injected through a PHP vulnerability?

    Do you know something about a vulnerability?!

    (I made a rollback so the website is cleaned by now!)

Viewing 4 replies - 1 through 4 (of 4 total)
  • Plugin Author boldthemes

    (@boldthemes)

    Hi,

    Please make sure to update Bold Builder to the latest version – 2.3.2. We have introduced additional sanitization of the fields on both the input and output side, so it strips all HTML tags before output, making possible execution of code ineffective.

    Also, please make sure that you do not have additional users in the wp-admin Users panel – so no unwanted logins are allowed.

    Please let us know if this resolves the issue.

    I had two sites impacted by this serious security flaw in 24 hours (21/08/2019). It enables the attacker to create an administrator account (even if you have registration disabled). In addition, it installs malware that will redirect all clicks on your home page to their 3rd party redirector (currently getasharedlink but they can change it).

    Note: if you are logged into your website (as many of us are) you WON’T see the redirection. You need to be logged out, incognito.

    Needless to say, at the point an admin account is created all bets are off and you will need to reinstall your site back to a known safe point. Just deleting their admin account leaves the possibility they have left other backdoors on your system.

    Bold Themes, thank you for the quick fix. But you really need to be doing as much as possible to inform your customer base given the severity of the problem. This really is a worst-case scenario, especially if you are looking at 20,000 active installs. Good luck!

    Thread Starter René Deutscher

    (@renedeutscher)

    Of course I made the update immediately.
    And many thanks for the quick reaction!

    But I have to agree on all points with scyta1e – no information about the severity of the problem to your customers – that is not how it works (with an eye on Elementor, i.e.).

    Plugin Author boldthemes

    (@boldthemes)

    Thanks a lot for additional info and your insights. We are indeed actively working on informing the users about the problem and the available patch.

  • The topic ‘Malware Injection?’ is closed to new replies.
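
Added example, not part of the thread and not Bold Themes' code: a defender-side check for the two symptoms described above, a redirector reference visible only to logged-out visitors and an unexpected administrator account. It assumes the home page HTML was fetched without cookies and the admin list was exported with `wp user list --role=administrator --format=json`; all host names, logins and sample data are constructed.

```python
import json
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

URL_RE = re.compile(r"""https?://[^\s'"<>)]+""")

class _RefCollector(HTMLParser):
    """Collects URLs that can load code or move the visitor: script/iframe src,
    meta refresh targets, and URL literals inside inline scripts."""
    def __init__(self):
        super().__init__()
        self.urls, self._in_script = [], False

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "script":
            self._in_script = True
        if tag in ("script", "iframe") and a.get("src"):
            self.urls.append(a["src"])
        if tag == "meta" and (a.get("http-equiv") or "").lower() == "refresh":
            self.urls += URL_RE.findall(a.get("content") or "")

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        if self._in_script:
            self.urls += URL_RE.findall(data)

def unexpected_hosts(html, allowed_hosts):
    """Allowlist check: the redirector name can change, so flag every unknown host."""
    parser = _RefCollector()
    parser.feed(html)
    parser.close()
    hosts = {urlparse(u).hostname for u in parser.urls}  # relative URLs -> None
    return sorted(h for h in hosts if h and h not in allowed_hosts)

def unexpected_admins(wp_user_json, known_logins):
    """Administrator logins from the WP-CLI JSON export that nobody recognises."""
    return sorted(u["user_login"] for u in json.loads(wp_user_json)
                  if u["user_login"] not in known_logins)

# Constructed sample input (hypothetical site, hosts and accounts).
SAMPLE_HTML = """<html><head><script src="/wp-includes/js/jquery/jquery.js"></script>
<script src="https://cdn.example.org/lib.js"></script>
<script>document.addEventListener("click",function(){location.href="https://redirector.invalid/go"});</script>
</head><body><a href="https://other.example/">ordinary link</a></body></html>"""
SAMPLE_USERS = '[{"user_login":"rene"},{"user_login":"wpsupport2"}]'
```

A finding from either function is a reason to restore from a known-good backup, as the thread recommends, rather than to delete the single artifact.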