My hosting provider has been running scans recently on our WordPress site to check for malicious files.
The scans have repeatedly singled out two files as causing an issue but do not provide much information in regards to what is wrong with them.
Details of the scan are as follows:
The scan finished and returned the following:
FILE HIT LIST:
{YARA}nex_wordpress_extract_kj9 : /home/aca4e628/MYURL.com/html/wp-content/plugins/s2member-logs/s2-http-api-debug-ARCHIVED-04-26-2021-1619474673.log
{YARA}nex_wordpress_extract_kj9 : /home/aca4e628/MYURL.com/html/wp-content/plugins/s2member-pro/src/includes/classes/gateways/stripe/stripe-form-in.inc.php
I’ve uploaded the two files to the folder linked below but hopefully, someone here can tell me what to look for while searching through them. I’m not sure how malicious code would’ve been added to the s2member plug-in.
https://drive.google.com/drive/folders/1wkKDJKJxWIimGi9BL8K4-MRoTqLPvVNS?usp=sharing