Wordfence Critical Problems

Mr.007

Member

Aug 18, 2020

37

16

8

The Netherlands

• Aug 27, 2020

• #1

So i just received a e-mail from wordfence with some problems.
Since am new to nulled plugins i need to ask you all something.

Code:

Critical Problems:
* File appears to be malicious: wp-content\plugins\js_composer\config\buttons\shortcode-vc-btn.php
* File appears to be malicious: wp-content\plugins\revslider\admin\includes\class.plugin-modules.php
* File appears to be malicious: wp-content\plugins\js_composer\config\buttons\class.plugin-modules.php
* File appears to be malicious: wp-content\plugins\js_composer\config\buttons\shortcode-vc-cta.php
* File appears to be malicious: wp-content\plugins\revslider\admin\assets\class.plugin-modules.php

Is this something i need to worry about ?
I looked into the files and i could find anything weird, beisde one thing, in a couple of files.



Can somebody help me out please ?
Thank you.

 

Ikki

Member

Jun 3, 2020

70

29

18

JP

• Aug 27, 2020

• #2

Do you have the last version of both plugins? VC and SR?

 

MrSam_1

Well-known member

Administrative

Trusted Seller

Dec 1, 2018

24,129

27,393

120

• Aug 27, 2020

• #3

What you shared in the picture is a malware code. Provide more details about what you installed.

 

Mr.007

Member

Aug 18, 2020

37

16

8

The Netherlands

• Aug 27, 2020

• #4

It says its from js_composer and revsilder
Here are my plugins:




Yeah i have the latest from both plugins
Right now i un-installed the 2 plugins that contained the maleware and installed them again.

 

Last edited: Aug 27, 2020

frizzel

Well-known member

Trusted Uploader

Jun 13, 2019

485

253

63

Wherever my imagination takes me

• Aug 27, 2020

• #5

Mr.007 said:

It says its from js_composer and revsilder
Right now i un-installed the 2 plugins that contained the maleware and installed them again.

Click to expand...

Did the problem go away by re-installing the plugins? In other words, the malware script is not present in the original plugin files?
If that's the case then the malware script was injected. What theme are you using?
Also, as a precaution, I would immediately change the login password.

 

frizzel

Well-known member

Trusted Uploader

Jun 13, 2019

485

253

63

Wherever my imagination takes me

• Aug 27, 2020

• #6

Oh wait, it seems what you have is a well-known malware called WP-VCD. Google it and you'll see the explanations.

Are you sure (absolutely sure) you got the plugins Revolution Slider and Visual Composer from here on Babiato? Because I just checked the RevSlider I got from here and there is no such file (class.plugin-modules.php) in the assets directory nor in the includes directory.

 

• 

Reactions: Mr G

Mr.007

Member

Aug 18, 2020

37

16

8

The Netherlands

• Aug 28, 2020

• #7

I did another scan and this time the error did NOT show up.
I changed my password of wordpress, and mysql just in case.

I think both came from another site, before i found this site.
I installed the once from this site right now

PS: My theme right now is the7 before that uncode.

 

• 

Reactions: jollygiraffe

Ikki

Member

Jun 3, 2020

70

29

18

JP

• Aug 28, 2020

• #8

Delete both plugins and reinstall, only download in babiato.
I recommend update wordpress files too and scan all the website for malware code. This guys working in js in databases, functions.php and plugins index (header and footer)

 

• 

Reactions: smalok