The _wp_http_referer
field is generated by the wp_referer_field()
function. I’m not familiar with the hidden send
field – however, I’d wager it’s a nonce field.
In all likelihood this pair of hidden inputs was generated by a call to the wp_nonce_field()
function with 'send'
as the $name
argument and the $referer
argument set to true
. These fields are a component of good plugin security practices, and aide in verifying the authenticity of user interactions.
In your case, the call is likely executed directly in a template file, or a theme or a plugin logic file in a function attached to the the_content
filter – though it could also be called in a shortcode, or numerous other action/filter hooks.
While malicious code might still leverage good security practices, the presence of such practices by itself is in no way indicative of exploitation.