WP-Matomo
WP site hacked… found redirect code in plugin database settings
Hello,
WP-Piwik version : Version 1.0.9
I found some malicious code in the database: in the options table, the entry "wp-piwik-tracking_code" had some malicious code inside, which calls a script and redirects the user to another URL.
I don't know how it happened… Your plugin may be involved or not…
Regards, Alexandre
Currently I don’t know about an existing security issue related to the plugin. If you have any hints about the cause of this issue, please tell me.
The option usually contains the Piwik tracking code which is delivered by the Piwik Reporting API. You should immediately check if your Piwik was compromised. Use the SitesManager.getJavascriptTag API call to check if the malicious code is already delivered there, see https://developer.piwik.org/api-reference/reporting-api#SitesManager for example calls.
@mattab do you know about existing security issues?
Hi @alexandrenorman - Thanks for the report. Could you confirm whether the Piwik API itself returns this code? If not, it could be that the WP db was hacked. Have you found this code in another place in the DB or just in the wp-piwik-tracking_code row in table option?
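The comparison asked for in the replies above can be scripted. This is an added example, not code from the plugin or from anyone in the thread. It takes the value stored in the wp-piwik-tracking_code option and the code returned by the Piwik API, both pasted in as strings, and reports which side references hosts other than the Piwik server. The function names, verdict labels and both hostnames are assumptions made for illustration.

```python
import re
from urllib.parse import urlparse

# Absolute or protocol-relative URLs (Piwik snippets use the "//host/" form).
URL_RE = re.compile(r"""(?:https?:)?//[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+(?::\d+)?[^\s"'<>]*""")

def referenced_hosts(code):
    """Return the set of hostnames that appear as literal URLs in the snippet."""
    hosts = set()
    for match in URL_RE.finditer(code):
        url = match.group(0)
        if url.startswith("//"):
            url = "https:" + url
        host = urlparse(url).hostname
        if host:
            hosts.add(host.lower())
    return hosts

def audit_tracking_code(stored, delivered, piwik_host):
    """Compare the WP option value with the code the Piwik API delivers."""
    allowed = {piwik_host.lower()}
    stored_extra = sorted(referenced_hosts(stored) - allowed)
    api_extra = sorted(referenced_hosts(delivered) - allowed)
    same = " ".join(stored.split()) == " ".join(delivered.split())
    if api_extra:
        verdict = "piwik-delivers-foreign-code"   # check the Piwik instance
    elif stored_extra:
        verdict = "wp-option-tampered"            # check the WordPress database
    elif not same:
        verdict = "differs-review-manually"       # no literal URL, e.g. obfuscated
    else:
        verdict = "clean"
    return {"verdict": verdict, "stored_extra": stored_extra, "api_extra": api_extra}

# Constructed sample data; piwik.example.org and injected.example.net are placeholders.
DELIVERED = """<!-- Piwik -->
<script type="text/javascript">
  var _paq = _paq || [];
  _paq.push(['trackPageView']);
  (function() {
    var u="//piwik.example.org/";
    _paq.push(['setTrackerUrl', u+'piwik.php']);
    var d=document, g=d.createElement('script'), s=d.getElementsByTagName('script')[0];
    g.async=true; g.src=u+'piwik.js'; s.parentNode.insertBefore(g,s);
  })();
</script>"""
STORED = DELIVERED + '\n<script src="https://injected.example.net/r.js"></script>'

if __name__ == "__main__":
    print(audit_tracking_code(STORED, DELIVERED, "piwik.example.org"))
```

A "differs-review-manually" result means the two values are not identical but no foreign URL was found as a literal string, so the difference has to be read by hand.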