We are seeing an increasing number of cases where WordPress themes and plugins that are available for free have a malware called class.plugin-modules.php embedded in them.
Themes and plugins downloaded from sites other than official sites
If you have downloaded a theme or plugin from outside the official WordPress website and it contains a file named class.plugin-modules.php, malware may be embedded in that plugin or theme.
This file is loaded into the theme or plugin with the following code
<?php if (file_exists(dirname(__FILE__) . '/class.plugin-modules.php')) include_once(dirname(__FILE__) . '/class.plugin-modules.php'); ? ><?php Regular code
Illegal actions performed by class.plugin-modules.php
This program may implement the ability to embed arbitrary advertising code into your site from external sources, such as
<th>Ad Code</th> <td><textarea placeholder="" name="ad_code" rows="5" cols="130"><?php echo get_option('ad_code',$ad_code) ; ? ></textarea></td>
This code is designed to allow hackers from the outside to display various ads on your website as they wish, including redirect hacks, and also includes functionality to find out what themes and plugins are installed on your site and to get information about your site. You can also find out what themes and plug-ins are installed on your site and get information about your site.
Detection and removal of class.plugin-modules.php
Free plugin to search WordPress for malware infections
[Free] WordPress:Malware Scan & Security Plugin [Malware and Virus Detection and Removal].
You can check for the presence of this malware and where it is being loaded from by using the “WordPress:Malware Scanning & Security Plug-in [Malware and Virus Detection and Removal]”.
You can also use the plugin to remove the malware from the administration screen. (Please be careful not to accidentally delete the original WordPress or theme plugin code if you remove it yourself.)