Avast detectsHTML:Iframe-BBO [Trj] on insecure forum website....

[polonus]

See: https://www.virustotal.com/en/url/1bcaa282f1067e1cc65443931fe1f44457dfe23c336a9d3aa38cea653b64e84a/analysis/1464527330/
and https://www.virustotal.com/en/file/43f040df92b19ae92faa118645ba385c65c9a47bdc89d0503a513bb738c87d98/analysis/1464474868/
abuse at softlayer dot com and www dot bitvertiser dot com driven...
Several ad and tracking server scripts that should come user-blocked like for instance: hxtp://cdn.hyperpromote.com/ptaginclude3.js
and -htxp://bdv.bidvertiser.com/bidvertiser.dbm?pid=421120&bid=1045517&RD=32724092155695&DIF=2 &
hxtp://edge.quantserve.com/quant.js for instance
WordPress issue: WordPress Version
3.8.5
Version does not appear to be latest 4.5.2 - update now.

Consider: http://www.domxssscanner.com/scan?url=http%3A%2F%2Fjsc.adskeeper.co.uk%2Fb%2Fi%2Fbidvertiser.com.49245.js%3Ft%3D11642915

with the following code issue

Code: [Select]

     info: [img] adskeeper.co.uk/s.png
     info: [decodingLevel=0] found JavaScript
     error: undefined function this.root.getElementsByTagName *
     error: undefined variable this.root
     error: line:1: SyntaxError: missing variable name:
          error: line:1: var this.root = 1;
          error: line:1: ....^
Error can be fixed by removing the $root variable altogether...t $userid is undeclared is no problem when it is on the same page.
Info credits go to Stackoverflow's halfer. * is caused by DOM API mixed with jQuery API syntax.
For the DOM/XSS scan results see the CloudFlare landing here: http://toolbar.netcraft.com/site_report?url=http://www.m88promosi.com

polonus