Code Execution vulnerability in WordPress ?
-
Hello,
I have been using WordPress for 2 years without any trouble and update regularly, but last Friday I got a mail from my hoster that someone “uploaded” a phishing script into my “upload folder”. After I found out that the “contact form” module might cause the problem, because I always found a “wpcf7_captcha” directory in my “upload folder”, I removed the module and all went fine.
Today I’ve got another mail from rsa.com that the same script is still on my site, just in a “theme” folder.
I looked into the installed “phishing script” [phishing URL removed]
It seems everything is loaded from [phishing URL removed], for example
[phishing URL removed] < but this is not the original banking site!! Is this a DNS manipulation? [phishing URL removed] < ??? When I try
[phishing URL removed] it redirects me to the original banking site at [phishing URL removed]!!!!
After I searched for some information, I found this on the full disclosure list, and I am a bit concerned now….
[Full-disclosure] Code Execution vulnerability in WordPress
http://seclists.org/fulldisclosure/2011/Apr/535
The blog I need help with is: (visible only to logged in users)
-
The blog you specified at let.de does not appear to be hosted at WordPress.com.
This support forum is for blogs hosted at WordPress.com. If your question is about a self-hosted WordPress blog then you’ll find help at the WordPress.org forums.
If you don’t understand the difference between WordPress.com and WordPress.org, you may find this information helpful.
If you forgot to include a link to your blog, you can reply and include it below. It’ll help people to answer your question.
This is an automated message.
-
As the supportbot said, it looks like you have a self-hosted WordPress blog and need to ask over at WordPress.org. They’ll surely help you clean your blog.
Of course, think of cleaning your computer as well with the proper antivirus/antimalware software.
You may also want to notify RBC Royal Bank:
http://www.rbc.com/privacysecurity/ca/email-and-website-fraud-3.html
-
They just said I should send it to (email visible only to moderators and staff), but no reply yet.
-
If you emailed the bank many times they won’t answer back, or at best send a form reply that says “thanks we are working on it”, based on my experience.
But you really need to make friends at WordPress.ORG and clean up your site.
-
- The topic ‘Code Execution vulnerability in WordPress ?’ is closed to new replies.