WordPress.org

Ready to get started?Download WordPress

Forums

Ultimate TinyMCE
[closed] MALICIOUS FILES (7 posts)

1 star
  1. tripflex
    Member
    Posted 1 year ago #

    Plugin is injecting links to other websites without permission from the unsuspecting user who installed plugin. There is absolutely no mention on this anywhere.

    https://s3.amazonaws.com/UltimateMCE/output.txt

    http://forum.joshlobe.com/showthread.php?tid=1563

    This also contradicts everything developer said on the forum which makes me believe this is just a stunt to sell backlinks on people's websites who trusted your plugin.

    I RECOMMEND EVERYONE REMOVE THIS PLUGIN FROM THEIR WEBSITE IMMEDIATELY

    You should NEVER attempt to inject or load offsite files and i'm very disappointed with this developer.

    I consider this MALICIOUS software.

  2. Josh (WP Edit)
    Moderator and Editor Customizer
    Plugin Author

    Posted 1 year ago #

    Fixing now.

  3. Josh (WP Edit)
    Moderator and Editor Customizer
    Plugin Author

    Posted 1 year ago #

    What I think is funny... is that you have apparently been using this plugin for quite some time. I very seriously doubt you have donated. Not once have you ever contacted me to say thanks.. or good job.

    However, the ONE time I attempt to "reach out" and try something new.. you immediately run over here and scribble down a one-star rating.

    I may have been wrong in my implementation.. but that's how we learn.

    Try being more constructive next time.. it will probably help everyone involved.

    Oh... and I could really care less if you're "disappointed" in me.

  4. Marventus
    Member
    Plugin Author

    Posted 1 year ago #

    I agree with Josh: these things happen, but there's no need for groundless accusations here. If you had taken the time to ask us what that code did (or what the intentions in the long run were) before jumping to hasty conclusions, you would have probably understood what it was all about and that it was for your own benefit (as well as for that of others).

  5. tripflex
    Member
    Posted 1 year ago #

    Injecting links to peoples websites does not just "happen", had there been some mention of this in the change logs, or even a way to disable in the user interface I wouldn't nearly had as much of a problem with it. I own a hosting company and had 20+ customers contact us thinking their website had been hacked or compromised just to find out it was a plugin they updated that was doing it.

    I am a PHP dev but most people who use this plugin are not, and because of that they would not know where to even start to figure out what plugin is hooking into their footer.

    This should have been an opt in only feature that was disabled by default...and the post on the forum completely contradicts what you say this was used for which in my opinion was black hat seo techniques.

    No sense in beating a dead horse, i've said my 2 cents and obviously WordPress agreed with me.

    Good luck on any future endeavors and I apologize for the way I approached this but from my point of view it was taking advantage of unsuspecting users.

  6. Josh (WP Edit)
    Moderator and Editor Customizer
    Plugin Author

    Posted 1 year ago #

    Thank you, tripflex.

    Good luck to you as well.

  7. Marventus
    Member
    Plugin Author

    Posted 1 year ago #

    No sense in beating a dead horse, i've said my 2 cents and obviously WordPress agreed with me.

    Indeed, since we clearly have completely different perceptions of what an open-source community is all about.
    As closure, some wise words by Eleanor Roosevelt:

    Do what you feel in your heart to be right - for you will be criticized anyway.

Topic Closed

This topic has been closed to new replies.

About this Plugin

About this Topic

Tags

No tags yet.