Website blocked.

This pops up with a litany of errors, every time I try to go to my client’s site.
Threat: HTML:Script-Inf(Susp)
URL: htxp://totalcaredental.com
Detected by Web Shield

I am trying to ascertain what might be the issue (if it’s something in the wordpress plugin, Elementor, as a ton of pieces of it crop up the same way, but different sets of malarkey).

Could anyone offer some guidance?

I don’t know if this might be something to do with it, there are several 3rd party external links:
See this VT scan “Links” section - https://www.virustotal.com/gui/url/8006b3a774fa4408440e1f76b408dece148cf6efcc4ec5eaa8cdde2eb7fbaa0c/links

Some security pointers given here - https://en.internet.nl/site/totalcaredental.com/2393062/

This one is the clincher - Critical Security Risk - https://sitecheck.sucuri.net/results/totalcaredental.com - I had to setup an avast exclusion to be able to actually run the scan from SecuriNet - multiple malware hits.

I appreciate the reply and help. I will delve further into this with my client. Thanks so much!

infected javascript

VT scan https://www.virustotal.com/gui/file/7291161f38fe1f9901d0789ce4efa8597b60a4d6a1a86a4d399eb18f718072ab?nocache=1

You’re welcome.

That’s a big difference in a short time, there was only 1 detection when I checked.

You mean the one you posted in reply #1 ?

That is a URL blacklist check, my scan is the javascript that sucuri found

I didn’t cross post or copy the file to post to VT, I just did a bog standard scan in VT and Securi (which I mentioned was the clincher).
I made an assumption (I know) yours was somehow linked to the original URL I had scanned.

Your WP CMS seems OK, exept for dethemekit-for-elementor Unknown latest release (2.0.2)
-https://vastthemes.com

. Website may be infested with a generic trojan, bank-malware, spyware, ransomware, infostealer, Remote Access Trojan, cryptocurrency-miner. It secretely makes changes to the Windows registry.

You have 5 malicious files, according to: https://quttera.com/detailed_report/totalcaredental.com (see there)
Threat dump: [[-https://www.sneeddentalarts.com/dental-services/buy-tadalafil-generic-cialis-online-cheap-price/]] **
This plug-in: /wp-content/plugins/dethemekit-for-elementor/assets/js/jquery-1.12.4-wp.js?ver=6.3
Only detected by one av vendor: https://www.virustotal.com/gui/url/2c0ed1a603fda18a5c68928be5e9a9874684028c06330f4bba70e940fb7c3584?nocache=1

** Hardening improvements for -https://www.sneeddentalarts.com:

Missing security header for ClickJacking Protection. Alternatively, you can use Content-Security-Policy: frame-ancestors ‘none’.

Missing security header to prevent Content Type sniffing.

Missing Strict-Transport-Security security header.

Missing Content-Security-Policy directive. We recommend to add the following CSP directives (you can use default-src if all values are the same): script-src, object-src, base-uri, frame-src

Leaked PHP version. Your site is displaying your PHP version in the HTTP headers. Please set expose_php = Off.

But wait for a final verdict from avast’s.

polonus (volunteer 3rd party cold recon website-security analyst and website error-hunter)

P.S. Also read here: https://www.wordfence.com/blog/2023/10/psa-critical-unauthenticated-arbitrary-file-upload-vulnerability-in-royal-elementor-addons-and-templates-being-actively-exploited/ (threat resource - Chloe Chamberland, Oct. 13th last)

Avast does not block this site any longer,

polonus