Hi there, i have some wordpress themes for 2 yrs, one of them had over 15,000 comments from spambot you know however, i decide to remove it and as curiosity i looked for email, URL and comment from (Quick Edit Comment) then i found the Email field has a script after it like
( becrusnqvsx@gmail.com/* <![CDATA[ */!function(){try{var t="currentScript"in document?document.currentScript:function(){for(var t=document.getElementsByTagName("script"),e=t.length;e--;)if(t[e].getAttribute("cf-hash"))return t[e]}();if(t&&t.previousSibling){var e,r,n,i,c=t.previousSibling,a=c.getAttribute("data-cfemail");if(a){for(e="",r=parseInt(a.substr(0,2),16),n=2;a.length-n;n+=2)i=parseInt(a.substr(n,2),16)^r,e+=String.fromCharCode(i);e=document.createTextNode(e),c.parentNode.replaceChild(e,c)}}}catch(u){}}();/* ]]> */ ),
i found all emails had this script, then after i removed all comments i tried to add a new comment and then look for new comment i found the same script added automatically after my email.
Is that a security issue in my site?? Thanks for your help.