Thread Starter
nvphuc
(@nvphuc)
Sorry, those files are actually not included in the plugin. This plugin has no security issues itself. It infected by other issue. Please delete my post. Thanks.
I think this plugin does have a security flaw as a website I manage has been infected with malware just in this plugin directory and the root directory. Nothing else was affected.
FYI the plugin was not active at the time either.
-
This reply was modified 4 years, 3 months ago by
thewpguy.
adding this comment so I will also get the replies.
This plugin is not and does not contain a virus or known vulnerability. It is a WordPress core feature plugin. Someone else places malicious code in this plugin’s folder. It’s also possible that they also automatically download this plugin to disguise their code.
If you find malicious code in this plugin’s folder, your site likely has a vulnerability elsewhere that needs to be addressed. You can remove and reinstall this plugin to remove the malicious files from this folder but they may get re-added if the actual vulnerability still exists. The legitimate version of this plugin only has three files:
– readme.txt
– background-image-cropper.php
– background-image-cropper.js
I have found WGET for /wp-content/plugins/background-image-cropper/content-post.php
which suggests the malicious components are present to attempt to break in with a wordpress site
I do not use the tool so it shows an attack pattern exists
