WARNING !! ABOUT THEMEFOREST ROYAL THEME...

***me-alain*** · (This post was last modified: 12-03-2014 06:57 AM by me-alain.)

An M****

because I call'd it a M**** Angry

and the term is still weak, slipping malicious code in the theme files.

It is also add the domain name directly into some images of theme options.
This M**** Angry

, that big M**** Angry

, it is called wplocker.com. Angry

An example :
If you change Royal theme options in the options of the theme and click on save changes, a black image appears referring to domain wplocker.com Angry

To remove this malicious code, go to the theme folder :
option-tree/includes/ot-ui-theme-options.php - and at line 39, delete the following codes :

Code:

<br><img src="http://www.ten28.com/yt.jpg">

For images that have been tagged with the domain wplocker.com Angry

visit the folder-tree option/assets/images/and option-tree/assets/images/headers and remove and replace the images in the folders below below :

Code:

http://www53.zippyshare.com/v/90877457/file.html

PS: If you have some time to spare, go to wpocker.com Angry

and spit your venom at this M****

****************

New find :

In folder framework/theme-options.php - line 2072 delete codes :

Code:

<br><img src="http://www.lolinez.com/sg.jpg">

- Another image that appears in the theme options

***DaniloIN*** · 12-03-2014, 09:18 AM

Thanks
Please keep us informed like this

***Jezuz*** · 12-03-2014, 12:57 PM

Quite usual with wplocker. Been years since they started doing it over there.

***DaniloIN*** · (This post was last modified: 06-26-2015 11:43 AM by DaniloIN.)

New backdoor from wplocker.com at latest theme-update 2.0

<img src="http://www.ten28.com/qa.jpg">

/framework/theme-functions.php
base64 - PGltZyBzcmM9Imh0dHA6Ly93d3cudGVuMjguY29tL3FhLmpwZyI+

***Angelina*** · 06-26-2015, 02:40 PM

I'm surprised people even download anything from WPLocker. You couldn't pay me to use anything from there.