[Solved] javascript vulnerabilities?

I've just spent the last 3 days cleaning up hacked sites and malware that both use wp-checkout -- one upgraded to current version, one not -- google banned a site and targeted js in the plugin.  Are you guys aware of anything -- is anyone else having issues?


  • 9 Comments sorted by
  • Vote Up0Vote Down

    again today - after installing clean files, wp-checkout js files have been hacked.

  • Vote Up0Vote Down


    Thank you for your posts and sorry to hear about the inconvenience of this.

    I will assist you to resolve the problem asap.

    We are not aware of any Javascript vulnerabilities in the plugin.

    I assume if Javascript files are hacked that the hack is actually coming from somewhere else.

    I can help you here but depending on sensitive information or not, best would be if you submit a ticket to us and attach the hacked file and provide information on the hack, please. You can submit the ticket here: http://tribulant.com/support/

    I look forward to hearing from you to assist you with this in our help desk.

  • Vote Up0Vote Down

    I've replaced the plugin files twice, locked down & changed passwords - so far so good. 

  • Vote Up0Vote Down


    Ok that's good to hear.

    Please post back if it occurs again.

    I highly recommend that you install a security plugin on your WordPress site to prevent any further hacks or problems related to security. 

  • Vote Up0Vote Down

    I have another (new) issue on another client site with wp-checkout.  I've installed Wordfence, changed all passwords, replaced all core files and theme files, installed a clean set of wp-checkout files then had an upgrade nag, so upgraded through the admin panel.  I ran a new wordfence scan and there are 7 errors, all of them in the wp-checkout plugin files.  Here's one:


    File appears to be malicious: wp-content/uploads/wp-checkout/suppliers/alias.php


    Filename: wp-content/uploads/wp-checkout/suppliers/alias.php
    File type: Not a core, theme or plugin file.
    Issue first detected: 2 mins ago.
    Severity: Critical
    Status New


    This file appears to be installed by a hacker to perform malicious activity. If you know about this file you can choose to ignore it to exclude it from future scans. The text we found in this file that matches a known malicious file is: "strtoupper($qV[4].$qV[3].$qV[2]".

  • Vote Up0Vote Down

    is this a legit file/line?  Should these be "ignored"?

  • Vote Up0Vote Down


    No, that is not a legitimate file, the plugin doesn't have such a file as suppliers/alias.php

    Please remove that file.

    Did you see what I mentioned about installing a security plugin?

    Can you please consider that as it will prevent hacks on your site.

    See iThemes Security: https://wordpress.org/plugins/better-wp-security/

  • Vote Up0Vote Down

    Yes, I installed wordfence.  :)

  • Vote Up0Vote Down


    Great, that's good. It should protect you from malicious hacks and brute force attacks.

    And please remove that malicious file.

Sign In or Register to comment.