I need to understand what these lines mean. Please clarify: malware, base64, wtf..

Code:
Title : Title
No reference to add_theme_support( "title-tag" ) was found in the theme. It is recommended that the theme implement this functionality for WordPress 4.1 and above.
The <title> tags can only contain a call to wp_title(). Use the wp_title filter to modify the output.
The <title> tags can only contain a call to wp_title(). Use the wp_title filter to modify the output.
The <title> tags can only contain a call to wp_title(). Use the wp_title filter to modify the output.

Code:
Security breaches : Use of base64_decode()
Found base64_decode in file OAuth.php.
Line 202: $decoded_sig = base64_decode($signature);
Found base64_decode in file functions.php.
Line 410: update_option('codeus_theme_options', unserialize(base64_decode($settings['settings'])));
Line 413: update_option('codeus_theme_options', unserialize(base64_decode($_REQUEST['import_settings'])));
Found base64_decode in file functions.php.
Line 405: update_option('codeus_theme_options', unserialize(base64_decode($settings['settings'])));
Line 408: update_option('codeus_theme_options', unserialize(base64_decode($_REQUEST['import_settings'])));

Code:
Security breaches : Use of base64_encode()
Found base64_encode in file OAuth.php.
return base64_encode(hash_hmac('sha1', $base_string, $key, true));
return base64_encode($signature);
Found base64_encode in file functions.php.
<textarea name='import_settings' cols='100' rows='8'><?php if($settings = get_option('codeus_theme_options')) { echo base64_encode(serialize($settings)); } ?></textarea>
update_option('codeus_theme_options_backup', array('date' => time(), 'settings' => base64_encode(serialize($settings))));
Found base64_encode in file functions.php.
<textarea name='import_settings' cols='100' rows='8'><?php if($settings = get_option('codeus_theme_options')) { echo base64_encode(serialize($settings)); } ?></textarea>
update_option('codeus_theme_options_backup', array('date' => time(), 'settings' => base64_encode(serialize($settings))));

Code:
Presence of iframes : iframes are sometimes used to load unwanted adverts and malicious code on another site
Found <iframe class="wrap-box-element" width="100%" height="<?php echo (int)codeus_get_option('contacts_map_height'); ?>" frameborder="0" scrolling="no" marginheight="0" marginwidth="0" src="https://maps.google.com/maps?q=<?php echo $lat = (float)codeus_get_option('contacts_map_latitude'); ?> in file header.php.
Line 109: <div class='block map'><iframe class='wrap-box-element' width='100%' height='<?php echo (int)codeu
Found <iframe src="//www.facebook.com/plugins/likebox.php?href=<?php echo urlencode($fb_page_url); ?> in file widgets.php.
Line 744: <div><iframe src='//www.facebook.com/plugins/likebox.php?href=<?php echo urlenco
Found <iframe class="wrap-box-element" frameborder="0" scrolling="no" marginheight="0" marginwidth="0" src="https://maps.google.com/maps?q='.$lat.','.$long.'&ll='.$lat.','.$long.'&z='.$zoom.'&output=embed"> in file shortcodes.php.
Line 1551: $return_html .= '<iframe class='wrap-box-element' frameborder='0' scrolling='no' marginheigh

Code:
Malware : Operations on file system
fopen was found in the file twitter.lib.php
Line 137: $fh = fopen($myFile, 'w') or die('can't open file');
fwrite was found in the file twitter.lib.php
Line 139: fwrite($fh, $stringData);
fclose was found in the file twitter.lib.php
Line 140: fclose($fh);
file_get_contents was found in the file twitter.lib.php
Line 146: $file = file_get_contents($tweets_cache_path, true);
file_get_contents was found in the file OAuth.php
Line 272: file_get_contents(self::$POST_INPUT)
file_get_contents was found in the file functions.php
Line 999: $fontsList = json_decode(file_get_contents($font_file));
file_get_contents was found in the file functions.php
Line 994: $fontsList = json_decode(file_get_contents($font_file));
Malware : Network operations
curl_init was found in the file twitter.lib.php
Line 86: $curl_handle = curl_init();
curl_exec was found in the file twitter.lib.php
Line 90: $data = curl_exec($curl_handle);
curl_init was found in the file twitteroauth.php
Line 199: $ci = curl_init();
curl_exec was found in the file twitteroauth.php
Line 225: $response = curl_exec($ci);

Code:
Deprecated functions : wp_tiny_mce
wp_tiny_mce found in file black-studio-tinymce-widget.php. Deprecated since version 3.2. Use wp_editor instead.
Line 219: if (function_exists('wp_tiny_mce')) {
Line 220: wp_tiny_mce(false, array());
Line 222: if (function_exists('wp_tiny_mce_preload_dialogs')) {
Line 223: wp_tiny_mce_preload_dialogs();
Line 228: if (function_exists('wp_tiny_mce')) {
Line 229: wp_tiny_mce(false, array());
Deprecated functions : wp_preload_dialogs
wp_preload_dialogs found in file black-studio-tinymce-widget.php. Deprecated since version 3.2. Use wp_editor() instead.
Line 231: if (function_exists('wp_preload_dialogs')) {
Line 232: wp_preload_dialogs(array('plugins' => 'wpdialogs,wplink,wpfullscreen'));

Essentially it takes the settings, here some $_REQUEST['import_settings'] from the request, and simply decodes and unserializes them and shoves them somewhere into the options.. but overall nothing serious. The Malware section is complaining that a request is sent with curl somewhere to Twitter (in theory). The validator is kind of sketchy, it's just afraid of base64 and curl) Without the theme itself it's hard to say what goes where and where it all comes from.
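
Added example (not part of the thread and not the scanner's own code): a small triage pass over findings in the report's format that rates each flagged line by whether request data reaches unserialize(), rather than by function name alone. The sample report text is constructed from lines quoted above, and the high/medium/info labels are this example's own.

```python
import re

# Constructed sample: a few findings in the flattened shape of the report above.
REPORT = (
    "Found base64_decode in file OAuth.php. "
    "Line 202: $decoded_sig = base64_decode($signature); "
    "Found base64_decode in file functions.php. "
    "Line 410: update_option('codeus_theme_options', "
    "unserialize(base64_decode($settings['settings']))); "
    "Line 413: update_option('codeus_theme_options', "
    "unserialize(base64_decode($_REQUEST['import_settings']))); "
    "curl_init was found in the file twitter.lib.php "
    "Line 86: $curl_handle = curl_init();"
)

# A token is either a "found in file X" header or a "Line N: " marker.
TOKEN = re.compile(
    r"(?:Found \S+|\S+ was found) in (?:the )?file (?P<file>[\w.-]+\.php)\.?"
    r"|Line (?P<line>\d+): "
)
TAINT = re.compile(r"\$_(?:REQUEST|GET|POST|COOKIE)\b")  # request-controlled data
SINK = re.compile(r"\bunserialize\s*\(")                 # PHP deserialization


def rate(code):
    """Rank one flagged line by data flow, not by function name alone."""
    if SINK.search(code):
        # unserialize() on request data can instantiate caller-chosen classes;
        # on other variables the origin of the data still has to be checked.
        return "high" if TAINT.search(code) else "medium"
    return "info"


def triage(report):
    """Return (file, line, rating, code) for every 'Line N:' entry."""
    tokens = list(TOKEN.finditer(report))
    current_file, out = None, []
    for i, tok in enumerate(tokens):
        if tok.group("file"):
            current_file = tok.group("file")
            continue
        # The quoted code runs up to the next header or line marker.
        end = tokens[i + 1].start() if i + 1 < len(tokens) else len(report)
        code = report[tok.end():end].strip()
        out.append((current_file, int(tok.group("line")), rate(code), code))
    return out


if __name__ == "__main__":
    for name, line, rating, code in triage(REPORT):
        print(f"{rating:6} {name}:{line}  {code}")
```

A "high" rating here means only that the line deserves a look at the surrounding code (capability and nonce checks around the import handler), which the report itself does not show.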