How to fix the vulnerability exploited in versions < 2.10.1

What happened?

In versions of the main plugin before 2.10.1 there was a vulnerability that allowed attackers to inject code into the option fields of the plugin. It was used mainly to inject ads.

The premium add-on was not affected.

Is it safe now?

Yes. I had the plugin checked by and everything is secure. You can find more details here: Audit Results

And wpscan confirmed the fix:

Is the add-on affected as well?

NO. It is only the main plugin.

I am affected, what can I do?

Step 1: Update

Update to the newest version. This fixes the vulnerability and reduces the effects of the injected JavaScript. BUT the JavaScript still exists in the option fields, and this JS might cause the plugin to stop working properly.

Step 2: Clean the fields

You have to go through all the settings of the plugin and look for suspicious code. Mostly the JSON in the “Im & Export” section was affected.

What I have seen so far is that the complete settings string is corrupted, so you have to configure the plugin from scratch again.

You can use this default config:

Add the content to the “Im & Export” Area of the Plugin.

If you want to check the database directly, you can use this query (replace the wp_ prefix with your own table prefix if you changed it):

-- lists every option row of the plugin so you can inspect the stored values
SELECT * FROM wp_options
WHERE option_name LIKE '%nsc_bar%';

Step 3: Clear caches

Delete all your caches, for example if you use a WordPress cache plugin or a server cache like nginx.
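To make the Step 2 check less manual, the following added example (not code from the plugin or its author) classifies the rows returned by the database query above: it flags option values that contain script-like fragments and values that are no longer valid JSON, both of which mean the settings must be reset from scratch. The option names, the regular expression and the sample rows are constructed for this example; it assumes the settings are stored as plain JSON, as the page describes, not PHP-serialized.

```python
import json
import re

# Fragments that have no business inside a cookie-banner settings string.
# Constructed list for this example; extend it if you see other patterns.
SUSPICIOUS = re.compile(
    r"<\s*script|javascript:|\bon\w+\s*=|document\.write|eval\s*\(", re.I
)


def check_option(option_name: str, option_value: str) -> dict:
    """Classify one option row from the wp_options query.

    parseable: whether option_value is valid JSON (the plugin keeps its
               settings as the JSON string shown in the Im & Export field)
    hits:      suspicious fragments found anywhere in the raw value
    action:    'ok' if clean and parseable, otherwise 'reset'
    """
    hits = [m.group(0) for m in SUSPICIOUS.finditer(option_value)]
    try:
        json.loads(option_value)
        parseable = True
    except ValueError:  # json.JSONDecodeError is a ValueError
        parseable = False
    action = "reset" if hits or not parseable else "ok"
    return {"option_name": option_name, "parseable": parseable,
            "hits": hits, "action": action}


def check_rows(rows):
    """Run check_option over (option_name, option_value) pairs."""
    return [check_option(name, value) for name, value in rows]


# Constructed sample rows standing in for the query result. The option
# names are invented; only the "nsc_bar" substring comes from the page.
SAMPLE_ROWS = [
    ("nsc_bar_example_clean",
     '{"text": "We use cookies", "position": "bottom"}'),
    ("nsc_bar_example_injected",
     '{"text": "We use cookies<script src=\\"https://example.invalid/ad.js\\">'
     '</script>", "position": "bottom"}'),
    ("nsc_bar_example_corrupt",
     '{"text": "We use cookies", "position": "bot'),
]

if __name__ == "__main__":
    for result in check_rows(SAMPLE_ROWS):
        print(result["option_name"], result["action"], result["hits"])
```

Any row reported as reset should be replaced with the default config from the Im & Export area rather than edited by hand.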