vcr38

Another question, have you used the Advanced Custom Field Pro or Free plugin but in an older version?

Absolutely not, but I still got infected.

Ok thank you, the only one I obviously have in common is Contact Form 7. When were you hacked? For me it was between December 23 and 25, 2023.

Hello, do you have the list of themes / plugins you use? We obviously all have a flaw in common but it would be nice to find it.

Hello, what plugins and themes are installed?

Hello, I had exactly the same problem, did you find a solution?

Do we know what the purpose of this malware is?

I’m currently looking at a reddit thread dedicated to the subject. Do you have an old version of ACF installed on your site?

Another thing, what consequences did this have on your sites? Just inaccessibility? Data theft?

For my part the wp-includes/pluggable.php file has also been modified

Do you use elementor ?

Have you found the entry point for the virus?

I don’t have wp-includes/blocks/pullquote/.9c53ce5f.ccss

Ok thank you, I’m looking on my side too, I’m interested in your investigations if you find anything.

Ok thank you, I’m looking on my side too, I’m interested in your investigations if you find anything.
By any chance, do you use the plugins: Light start – maintenance mode or All in one wp security? What about the Nova code editor? Currently these are the common points on my two affected sites.

Good morning @markuzzi,

Thanks for your feedback. Did you find the cause of this hack? A specific plugin or software/code editor?
Did the problem return after you cleaned it?
Did you only go through the Wordfence scan?

Thanks for your help.

Hello @dgcov , did you find the solution? I am currently encountering the same type of malware.