The avast alert was for hxtp://www.whitbyseaanglers.co.uk/wp-includes/wp-mail.php
Code hick-up
ajax.googleapis.com/ajax/libs/jquery/1/jquery.min.js?ver=3.6.1 benign
[nothing detected] (script) ajax.googleapis.com/ajax/libs/jquery/1/jquery.min.js?ver=3.6.1
status: (referer=wXw.whitbyseaanglers.co.uk/wp-includes/wp-mail.php)saved 92629 bytes ae49e56999d82802727455f0ba83b63acd90a22b
info: ActiveXDataObjectsMDAC detected Microsoft.XMLHTTP
info: [decodingLevel=0] found JavaScript
suspicious:
Read how your site might have been infected:
http://digwp.com/2009/06/xmlrpc-php-security/Core code from WP is mostly secure and updated regularly against insecurities and vulnerabilities,
but there are many plug-ins and extemsions for WP that are less secure and may be vulnerable.
The xmlrpc-php-security issues should be taken up with your hoster as these are web server attacks.
See code
46:< link rel="EditURI" type="application/rsd+xml" title="RSD" href="htxp://www.whitbyseaanglers.co.uk/xmlrpc.php?rsd" />
47:< link rel="wlwmanifest" type="application/wlwmanifest+xml" href="htxp://www.whitbyseaanglers.co.uk/wp-includes/wlwmanifest.xml" />
There is also an issue with this backlink:
https://www.eff.org/https-everywhere/atlas/domains/vimeocdn.com.htmlsee:
GET /p/flash/moogaloop/5.5.0b29/moogaloop.swf?clip_id=62537288 HTTP/1.1
Host: a.vimeocdn.com
HTTP/1.1 200 OK
Content-Type: application/x-shockwave-flash
polonus