Three Column Screen Layout WordPress Plugin 🔴 Exploit

Three Column Screen Layout WordPress Plugin 🔴 Exploit

Another website got hacked and the owner noticed weird chinese characters in search results for his website.

weird chinese characters
weird chinese characters

The index.php file contained the following code:

decoded 1024x542 - Three Column Screen Layout WordPress Plugin 🔴 Exploit

Initially, the point of entry for this malicious code was a plugin named Three Column Screen Layout that has a vulnerability which as many other WordPress users report is being actively exploited in the wild.

The POST request that injected this code was uploaded via an AWS IP.

The Three Column Screen Layout WordPress plugin was installed several times under random names:

Three Column Screen Layout WordPress Plugin Exploit
Three Column Screen Layout WordPress Plugin Exploit

After cleaning up the website we requested a review from Google via search console to remove the Dangerous site ahead warning.

whoami
Stefan Pejcic
Join the discussion

I enjoy constructive responses and professional comments to my posts, and invite anyone to comment or link to my site.