Looks like there’s an exploit going around that appears to be similar in nature to the TimThumb vulnerability. If you noticed a bunch of “Cannot Redeclare” errors when browsing your website recently with eval code, chances are you’ve become a victim of this attack. Jeff Starr of DigWp.com and co-author of the book, Digging Into WordPress has laid out a series of steps on how you or consultants can clean up the mess that’s left behind. It’s also worth noting the following forum thread on the WordPress.org support forums where a number of people have been trying to investigate how this attack works.
Category: WordPress
It’s really easy to spot on sites using child themes. They put the same code in all theme files, and because of the child/parent relationship, you get the “cannot redeclare” error – cuz the function is in there twice. ;)
Note this is not a theme vulnerability, rather a server side one (or possibly plugins). Basically they find a way to be able to edit your files – no matter what files they are.