Vulnerability in grabbing the current URL

Hi there,

I received a mail from Google, saying one of my sites were hacked. They detected hacked content on my website. I spent about 4 hours figuring out how this was possible. Searched the whole database, scanned all folders and also ran an Antivirus and malicious code scanner. None of the scans found any hacked content.

Then I started looking at the php code of my WordPres theme. The code was referencing the most sold woocommerce product and was displaying it in the footer of the website. Please see in attached screenshot “WahooFitness_Image1″. In the screenshot you can see that the ‘Add to Cart” button links to a spam link. When looking at the code, there is no spam. Please see a screenshot of the code as attached in WahooFitness-Image2.

[removed]

All this came from a vulnerability in the “WooPress – Responsive Ecommerce WordPress Theme” where they did bad coding and caused me site to be marked as SPAM. Would love to hear what the community has to say about this and I really do hope Google.

[removed]