i disabled the plugin, until they release a fix
so currently its not resolved
-
This reply was modified 5 months, 4 weeks ago by
saveatrain.
Pop ups were injected with the code and events were changed from On Click to On load making all pop ups to appear at the same time on any page. When a fix is going to be released?
Is this solved??… today my website also started showing popups broken and my antivirus is showing vulnerable on all the pages
screenshot: https://snipboard.io/hdJwqM.jpg
updated to the latest version 4.2.6 but it has not solved it… had to disable the plugin for it to stop showing it.
any solution??
yes, go to the plugin css settings and remove the implemented code that the virus injected.
Hi thanks for replying…
However in all my 3 popups… i did not find any code in the css settings in each of the popups, Anything more to check?
https://snipboard.io/bWGmC8.jpg
How about JS section? Mine was there. Removed the code in all popups, changed the settings back to load on click and it works fine now but still waiting for the fix.
No nothing… I ended up creating again all 3 new and deleting the old ones… all is working well now… wonder what happened…
PS: Forgot to mention… I noticed that the type of each popup changed to HTML from subscription and on load instead of on click. So creating again new was the only option as I could not change back to subscription.
Visit the bleepingcomputer link above from @saveatrain. You need to check your “wp-blog-header.php” file as well.
Initially my entire site was broken because the wp-blog-header.php was corrupted. It was replaced with a fresh copy then got changed again about a month later. The original code was in an old Popup that was inactive and was found in the custom JS section labeled “#2 Add the code you want to run before the popup opens….”
I also found the fake WP_felody files in the plugins folder of the site files. It does not show up as a plugin in the WP Dashboard.
“yourwebsitedomain”/wp-content/plugins/wp-felody/
Hi All,
This issue has been fixed with our latest Release, please update your plugin to the latest version.
Please also, check your custom JS/CSS menu under the popup and if you have any unknown code, please remove it. Also, please make sure you don’t have any unknown admin account on your site.
If you require further assistance or have any additional questions, please don’t hesitate to contact us through our support portal. Our team is always here to help!
https://help.popup-builder.com/en/
Sincerely,
i can see the code is injected in database under the postmeta table. Plugin is updated but malware still there. Any suggestions?