Plugin used for hacking

Same here, 2 sites being installed this plugin, and this plugin wont show on your plugin list until you search the plugin name.

Are you guys site added 2 admin user under pif[dot]com as well?

Let’s find the common point of this cause, both of my site is using Woodmart theme (themeforest[dot]net/item/woodmart-woocommerce-wordpress-theme/20264492)

The theme being mark high risk by patchstack and Malcare.

• This reply was modified 1 year, 6 months ago by MK Chan.
• This reply was modified 1 year, 6 months ago by MK Chan.
• This reply was modified 1 year, 6 months ago by MK Chan.

I use the same theme MK Chan! En also have seen the admin users.

That’s the issues, need to report this to theme author for sure. I believe a lot more to come. And I found a thread that theme author don’t really treat this seriously.
xtemos[dot]com/forums/topic/automatically-update/

I experienced a hack on my site and found this plugin as well (also not in the plugin list, but in my main directory). I also found a plugin (that was in my list), called Hello Press, which looks like a rip-off of the Hello Dolly plugin.

I am using the standard WordPress Twentynineteen Theme.

Has anyone uncovered any further information?

• This reply was modified 1 year, 6 months ago by calliopeconsulting.

Interestingly, Post Layouts for Gutenberg will display in your plugin list if you search for it, but it does not show by default:

https://www.dropbox.com/s/yx6i144uidp9num/2023-05-20_18-06-44.jpg?dl=0

Today I also found out that the plugin was used for XSS. It has big valnurability issues. Someone must check on that.

Hello @keeslamper, @MK Chan, @calliopeconsulting, @Efs,

I have recently updated this plugin to newer version and cross tested the latest version of WordPress and compatibility of PHP version.

And resolved some warnings and notices that appear with the debug log.

You can feel free to use our plugin with laetst update.

Thank you!