Warning: Cannot modify header information

  • Hello,

    First, I encounter an issue on my website. When I access the wp-admin page, it will redirect to another website “tuniaf.com” wich ask to enable notification. After some reserach, there are a CVE XSS with the pluggin “Ultimate Member”. I’ve updated the plugin in the lastest version.

    The redirection is not present now but when I try to login on the wp-admin page, it redirect me to a blank page with the number “1”, nothing else. I try to enable the debbuging mode and I got this error :

    Warning: Cannot modify header information – headers already sent by (output started at /customers/f/5/b/XXX.com/httpd.www/wp-config.php:1) in /customers/f/5/b/XXX.com/httpd.www/wp-includes/pluggable.php on line 1219

    And also :

    Warning: Cannot modify header information – headers already sent by (output started at /customers/f/5/b/XXX.COM/httpd.www/index.php:1) in /customers/f/5/b/XXX.COM/httpd.www/wp-includes/pluggable.php

    I’ve look the line on this file but nothing for me seems to be wrong. After some research, it appear that the file “pluggable.php” is caused by a custom code snippet or a badly codded plugin. Maybe the the Ultimate Member habe been modified due to the CVE issue.

    Someone can help me to fix this issue ?

    Best regards,

    • This topic was modified 6 years, 6 months ago by hdeuxo.
    • This topic was modified 6 years, 6 months ago by hdeuxo.
Viewing 6 replies - 1 through 6 (of 6 total)
  • Thread Starter hdeuxo

    (@hdeuxo)

    For info, the line 1219 is the following :

    header(“Location: $location”, true, $status);

    Please add this code before get_header() functions

    Thread Starter hdeuxo

    (@hdeuxo)

    Hello,

    Thanks for your reply.

    But I don’t know in wich file I need to add the code ?

    Can you give me more detail ?

    Bests regards

    Thread Starter hdeuxo

    (@hdeuxo)

    Hello,

    I have replaced the file “www/index.php” and the file “www/wp-config” by an backup from 2 weeks and it seems to be working.

    So the plugin Ultimate Member is now updated.

    What do I need to do after all this operations ?

    Best regards.

    I was accessing Ultimate Member and I now have my site redirecting to Tuniaf.Com

    Can anyone advise on how to fix this?

    Thank you

    Thread Starter hdeuxo

    (@hdeuxo)

    Hello,

    If you have access your dashboard, try installing the following plugin :

    https://www.ads-software.com/plugins/sucuri-scanner/

    It will analyze your website for malicious file and modified core file. And after you can take action to delete it or restore it from backup.

    It save me many hours.

    Best regards.

Viewing 6 replies - 1 through 6 (of 6 total)
  • The topic ‘Warning: Cannot modify header information’ is closed to new replies.