Random redirect Hack in Jevelin Website - Process

Home Forums Jevelin Theme Random redirect Hack in Jevelin Website – Process

Home Forums Jevelin Theme Random redirect Hack in Jevelin Website – Process

Viewing 5 posts - 1 through 5 (of 5 total)
  • Author
  • eventswestjohn
    Participant

    Hi. We are going through the process of trying to find what is causing a random (i.e. only happens sometimes) malware malicious redirect.

    We have gone though the process of scanning the site using multiple Malware scanning Plugins. We have gone through and checked all possible issues and corrected if required but we are still having the problem, randomly.

    WORDFENCE has also detected a vulnerability in the Version of Slider Revolution that you have as part of your update which may have been the cause of the issue but I do not have any ability to update it. Please see this link.
    https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/revslider/slider-revolution-6710-authenticated-contributor-stored-cross-site-scripting-via-elementor-wrapperid-and-zindex

    WITH REGARDS TO the Unyson Page Builder, WORDFENCE does not list this as having a vulnerability, only that it is no longer supported or downloadable on WordPress.org. Can you confirm that it is still safe to use this Unyson Page Builder? It is still working without any problems for us.

    We are currently going through all plugins, deleting them 1 by 1 and then reinstalling, to make sure the malicious code is not within one of the plugins.

    With regards to the Slider Revolution can this be upgraded manually? Can this be done separately to the jevelin theme or will it cause other problems if it is deleted and then reinstalled / setup. Can you tell me the process for dong this.

    eventswestjohn
    Participant

    In additional please see pics attached of the Malicious redirect.

    Redirect happens only very occasionally, when loading loading the main url (in this case eve______.com.au) and after it happens once on a particular PC / Phone, it may not do it again for quite a long time., making it very hard to see if any changes have made a difference.

    Also attached is picture from WORDFENCE re Slider Revolution vulnerability in Version that comes with Jevelin (Current Slider Revolution Plugin Version: 6.7.10) it needs to be updated to 6.7.11 or above.

    Attachments:
    You must be logged in to view attached files.

    Shufflehound
    Moderator

    Hi there,

     

    We have included the Slider Revolution update in our latest beta version below:


    Please login to access this file

     

    Regarding the Unyson plugin, all we know is that its WordPress.org page states: “This plugin has been closed as of October 11, 2023, and is not available for download due to a security issue.”

     

    We also recommend reinstalling your current WordPress version from the dashboard to refresh the WordPress system files.

     

    Best regards,

    Shufflehound Team

    eventswestjohn
    Participant

    Hi, do you have instructions for updated theme with the downloaded file. As opposed to the normal way (when updates are available via WordPress)?

    Shufflehound
    Moderator

    Hello,

     

    Sure! Here is how you can update the theme manually via the dashboard:

    1. Download the updated theme file.
    2. Go to your WordPress dashboard.
    3. Navigate to Appearance > Themes.
    4. Click on Add New and then Upload Theme.
    5. Choose the downloaded zip file and click Install Now.
    6. Once installed, click Activate to use the updated theme.

     

    If you need further assistance, feel free to reach out.

     

    Best regards,

    Shufflehound Team

Viewing 5 posts - 1 through 5 (of 5 total)