This time we had to clear out a database injection, caused by a Blog Designer plugin vulnerability. It was fairly simple to to locate the malicious script – it was added by changing “custom_css” value.
Sample code:
script language=javascript>eval(String.fromCharCode(118, 97, 114
Users were directed to: hxxps://stats.garrygudini[.]com/flask.js?t=t& ; domain is now blacklisted by ESET, McAfee and Sucuri Labs.
To sort this issue, simply clear the JS code and update Blog Designer plugin.
Easiest way to clear the JS code would be to go to -> blog designer settings page -> look for “Custom CSS” -> clear malicious code.
Useful links:
https://www.webarxsecurity.com/wordpress-plugin-blog-designer/
https://wordpress.org/support/topic/redirecting-to-spam/