Reply To: Known threat after malware scan


#1996

Anti-Malware Admin
Key Master

Ah, yes, I have seen this before. The problem is that they are using the include function to render the contents of a CSS file. This improper technique will actually result in the execution of any PHP code found in the CSS file. Hackers commonly exploit this oversight to execute malicious code. If there is no PHP code in that CSS file, then you can ignore this threat or whitelist the file if you feel that this plugin is safe for now, but they really need to change that code and use “echo file_get_contents” instead of include.

A stylesheet should never be loaded with the PHP “include” statement. WordPress even has a built-in method called wp_enqueue_style, which is used to safely render CSS content dynamically.
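The difference the reply describes, as an added example that is not part of the original post or of the flagged plugin's code: the same constructed CSS file is rendered once with `include` and once as plain data, followed by the `wp_enqueue_style` form. The function names, the `example-plugin-style` handle, the `css/style.css` path and the version string are hypothetical.

```php
<?php
// Constructed sample: a stylesheet that also carries a PHP tag inside a CSS comment.
$css_path = tempnam(sys_get_temp_dir(), 'css');
file_put_contents($css_path, "body { color: #333; }\n/* <?php echo 'PHP RAN'; ?> */\n");

// Flagged pattern: include hands the file to the PHP parser, so any tag in it executes.
function render_css_with_include(string $path): string
{
    ob_start();
    include $path;
    return ob_get_clean();
}

// Replacement named in the reply: read the file as data; nothing in it is parsed as PHP.
function render_css_as_data(string $path): string
{
    $css = file_get_contents($path);
    return $css === false ? '' : $css;
}

$included = render_css_with_include($css_path);
$as_data  = render_css_as_data($css_path);
unlink($css_path);

// With include, the tag is consumed and replaced by its output.
printf("include executed embedded PHP:  %s\n",
    strpos($included, '<?php') === false && strpos($included, 'PHP RAN') !== false ? 'yes' : 'no');

// With file_get_contents, the tag comes back verbatim as inert text.
printf("file_get_contents executed it:  %s\n",
    strpos($as_data, '<?php') === false ? 'yes' : 'no');

// Inside WordPress, register the stylesheet by URL so the browser fetches it
// and PHP never reads the file. This branch only runs when WordPress is loaded.
if (function_exists('add_action')) {
    add_action('wp_enqueue_scripts', function () {
        wp_enqueue_style(
            'example-plugin-style',                  // hypothetical handle
            plugins_url('css/style.css', __FILE__),  // hypothetical path inside the plugin
            array(),
            '1.0.0'                                  // hypothetical version
        );
    });
}
```

Run from the command line with `php`, the script prints the two comparison lines; the WordPress branch is skipped outside a WordPress request.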