Found 1 known thread in WordPress after the update

Lana Studley

• September 13, 2021 14:22

Hello,

The following items highlighted in yellow had been found to contain malicious code, they have been cleaned and the malicious contents have been removed. A record of the infection has been saved here in the Quarantine for your review and could help with any future investigations. The code is safe here and you do not need to do anything further with these files.

 

Found 1 known thread by

Anti-Malware from GOTMLS.NET

Updates & Registration

I pressed fixed the file, it's now in quarantine. It happened on two wesites that have Brizy and Brizy Pro installed. 

#!/usr/bin/env php
<?php
$url = 'https://api.wordpress.org/core/version-check/1.7/';
$response = file_get_contents($url);

$obj = json_decode($response);
$testedUpTo = $obj->offers[0]->version;
$minPhpVersion = $obj->offers[0]->php_version;

function error($message,$code) {
$fh = fopen('php://stderr','a');
fwrite($fh,$message);
fclose($fh);
exit($code);
}

//small validation
if( !isset($argv[1]) ) {
error('First filename argument not provided',0);
}

if( !file_exists($argv[1]) ) {
error('First filename not exists',0);
}

if( !isset($argv[2]) ) {
error('Second filename argument not provided',1);
}

if( !file_exists($argv[2]) ) {
error('Second filename argument not exists',1);
}

// README.md
$content = file_get_contents($argv[1]);
$content= preg_replace("/Tested up to: (.[0-9\.]+)<br>/m","Tested up to: {$testedUpTo}<br>",$content);
$content= preg_replace("/Requires PHP: (.[0-9\.]+)<br>/m","Requires PHP: {$minPhpVersion}<br>",$content);
file_put_contents($argv[1],$content);

// readme.txt
$content = file_get_contents($argv[2]);
$content= preg_replace("/Tested up to: (.[0-9\.]+)/m","Tested up to: {$testedUpTo}",$content);
$content= preg_replace("/Requires PHP: (.[0-9\.]+)/m","Requires PHP: {$minPhpVersion}",$content);
file_put_contents($argv[2],$content);

exit(0);
?>

 

Please explain and help.

Thank you. 

Lana

0

• 

  Mihail Stremenovskii

  • September 14, 2021 08:42

  Hello Lana!

  Thank you for your report. We appreciate it.

  In the next plugin update, we will remove mentioned file.

  Sorry for the inconvenience.

  Kind regards,

  Mihail

  0
• 

  Lana Studley

  • September 14, 2021 14:34

  Thank you, Mihail, Can you please tell me when to expect the update? Can you also elaborate on why there was a malicious code in the Brizy plugin? Thank you, Lana

   

  0
• 

  Mihail Stremenovskii

  • September 15, 2021 09:09

  Hello Lana. 

  Don't worry it will be really soon.

  Thank you for your patience. 

  Note! Please do not reply to noreplay email, cause your message is added to SPAM box and can be missed. 

  Kind regards,

  Mihail

  0
• 

  Mihail Stremenovskii

  • September 16, 2021 13:02

  Hello Lana,

  Mihail is back here. We have the fix on the malware bug report, in the latest versions Brizy FREE 2.3.16 // Brizy PRO 2.3.13;

  Thank you for reporting this issue!

  If you have any others, please, let me know!

  Thank you!

  Kind regards,

  Mihail

  0

Please sign in to leave a comment.