The WordPress team has identified a major security issue in WP Private Content Plus versions 1.31 or lower. This issue is due to a missing permission check in settings section. This issue allowed external users to modify the settings section of our plugin.
This is issue is resolved in version 2.1 and we highly recommend you to upgrade as soon as possible to prevent any damages to the site.
However, if your site is already hacked, please follow these steps
- Deactivate the current version of WP Private Content Plus
- Check the wppcp_options value in wp_options table for malicious url’s
- Replace wppcp_options value in wp_options table from a database backup before this issue occurred in your site
- Upgrade to version 2.1
- Activate the plugin
If this process doesn’t resolve your issue, please send a support request here