Split: Security problem with theme Woodmart

Hi,

Im encountering the same issue with two of my websites that have your theme installed. One of them had the latest version 7.3.1 while the other one had 7.2.5
A script was injected in every html and a plugin called “wp-swamp” has been installed (visible only on file manager). This is the second time that the same problem is happening because of woodmart core vulnerability.

Its worth mentioning that I had no other plugin installed except the ones that come with woodmart.

Please investigate this issue asap because its a major issue happening twice now in a short period and causing lots of damage to my clients websites and my companies credibility.

Hello,

Please deactivate all the plugins except these ones:

Slider Revolution
WPBakery Page Builder or Elementor
Woodmart Core
Contact Form 7
MailChimp for WordPress
WooCommerce
Safe SVG

If the problem has gone, activate the plugins one by one, checking the issue to detect which one causes the problem.

In case, the problem remains, even after all the plugins are deactivated, provide your site admin access (insert the site credentials into the Private content block under the message area) and confirm the permission for plugins deactivation, switching to the parent or default theme. As soon as we complete the testing we will enable all back, however, the site would be without plugins for 15-20 min. You would better make the full backup of your site.

Best Regards

Did you even bother to read my comment?

“Its worth mentioning that I had no other plugin installed except the ones that come with woodmart.”

Woodmart Core is having vulnerabilities. I have already cleaned the websites because they have thousands of visitors per day and are online shops. The same thing happened a month ago https://xtemos.com/forums/topic/theme-security-issue-injections/ a script is being injected in every html page: products, pages, media descriptions, size guides. This issue is happening only with the websites that have the woodmart!! Same thing that happened to the original comment on this thread!

Please issue a patch ASAP because the websites are being injected and imagine the harm its causing when a major shop or a kids bookstore redirects you to a porn website.

Hello,

Please insert the site admin access into the Private content below the message area. We will take a closer look at the case.

Please, confirm the permission for plugins deactivation, and switching to the parent theme. As soon as we complete the testing we will enable all back, however, the site would be without plugins for 15-20 min. You would better make the full backup of your site.

Best Regards

I also had the same issue, the site was riddled with viruses.

Is WP File manager part of the original plugins or is this an add on by a hacker?

I might mention that my security and passwords are crazy strong so the vulnerability is in the theme.

[Author]

Posts