PT-2020-21275 · WordPress · Smartsearchwp

Published: 2020-09-03 · Updated: 2020-09-03

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: smartsearchwp, all versions
Description: The package contains malicious code intended to steal credentials from websites. It traverses DOM elements to find fields such as username and password and uploads their contents to a remote server. It can also port-scan the local gateway and upload the results, and it can fetch commands from the remote server and execute them using eval. However, analysis has found bugs in the malware that prevent it from performing its intended actions, and the code is not invoked upon installation or require.

Recommendations: Remove the smartsearchwp package from your environment; there is no indication of further compromise.
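Before removing the package, it helps to confirm where it is referenced, including transitively. The following is an added example, not part of the original advisory: it assumes the package is consumed through npm and inspects a parsed package-lock.json; the function name `findFlagged` and the sample lockfile are constructed for illustration.

```javascript
// Added example: list every reference to a flagged package in a parsed
// package-lock.json. Covers lockfileVersion 1 (nested "dependencies" tree)
// and versions 2/3 (flat "packages" map keyed by node_modules path).
const FLAGGED = 'smartsearchwp';
const has = (obj, key) => !!obj && Object.prototype.hasOwnProperty.call(obj, key);

function findFlagged(lock, name = FLAGGED) {
  const hits = new Set();

  // v2/v3: keys look like "node_modules/a/node_modules/<name>"; "" is the root project.
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (path === `node_modules/${name}` || path.endsWith(`/node_modules/${name}`)) {
      hits.add(`installed: ${path}`);
    }
    for (const field of ['dependencies', 'devDependencies', 'optionalDependencies']) {
      if (has(meta[field], name)) hits.add(`declared by: ${path || '(root project)'}`);
    }
  }

  // v1: recursive tree; "requires" names what each entry pulls in.
  (function walk(deps, trail) {
    for (const [dep, meta] of Object.entries(deps || {})) {
      const here = trail.concat(dep);
      if (dep === name) hits.add(`installed: ${here.join(' > ')}`);
      if (has(meta.requires, name)) hits.add(`declared by: ${here.join(' > ')}`);
      walk(meta.dependencies, here);
    }
  })(lock.dependencies, []);

  return [...hits].sort();
}

// Constructed sample lockfile (not real data): the flagged package arrives
// transitively through a hypothetical "site-widgets" dependency.
const sampleLock = {
  lockfileVersion: 2,
  packages: {
    '': { name: 'demo-site', dependencies: { 'site-widgets': '^1.0.0' } },
    'node_modules/site-widgets': { version: '1.0.0', dependencies: { smartsearchwp: '*' } },
    'node_modules/smartsearchwp': { version: '0.0.0-constructed' },
  },
  dependencies: {
    'site-widgets': { version: '1.0.0', requires: { smartsearchwp: '*' } },
    smartsearchwp: { version: '0.0.0-constructed' },
  },
};
console.log(findFlagged(sampleLock));
```

A "declared by" hit identifies the parent dependency that has to be removed or replaced so that a later install does not bring the package back.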

Fix

RCE


Weakness Enumeration

Related Identifiers

GHSA-FGP6-8G62-QX6W

Affected Products

Smartsearchwp