WordPress website running version 4.0.1, it seems it was a massive attack and many people are reporting the same security problem over the Internet. Our analysis is showing impacts in the order of 100’s of thousands of WordPress specific websites. We cannot confirm the exact vector, but preliminary analysis is showing correlation with the Revslider vulnerability reported a few months back.
It seems the attack modifies two WordPress core files:
Template-loader.php (located at: /wp-includes/template-loader.php)
swfobject.js (located at: /wp-includes/js/swfobject.js)
We encourage everyone to download the latest wordpress installation at:
https://wordpress.org/download/
OR
Upload and replace the modified files.
Make sure your WordPress site is up to date, update all your plugins too.
Its good idea to install a security plugin like Wordfence or Sucuri scanner
***Important: When the issue is fixed, request a Google review to avoid further browser warnings. Instructions to do this:
https://support.google.com/webmasters/answer/2600725?hl=en
