Flash MP3 Player
[resolved] [PHISHING] DO NOT DOWNLOAD v10.1.7 - IT ONLY COMES WITH PHISHING FORMS! (14 posts)

  1. Chandle
    Member
    Posted 2 years ago #

    It seems to be a hijacked version...

    http://wordpress.org/extend/plugins/flash-mp3-player/

  2. Patrick Nommensen
    Member
    Posted 2 years ago #

    For security issues with WordPress plugins, please email the details to plugins [at] wordpress.org, including as much detail as possible.

  3. Chandle
    Member
    Posted 2 years ago #

    Done.

  4. Confirmed, that's pretty evil.

    To report any plugin issues like this, please send an email to plugins AT wordpress.org (which I've just done).

    Edit: I'm still slow. ;)

  5. Chandle
    Member
    Posted 2 years ago #

    Btw guys, I have been using WP for years and I had to register a second ago because I only needed to report this.
    There should be a "Report phishing" button or something like that on the plugin page... we are in 2012 - such things will happen again ;)

  6. Patrick Nommensen
    Member
    Posted 2 years ago #

    @Jan haha. :-)

    @Chandle. In theory that sounds like a great idea. However, I think it would be overused and the "email method" would probably be more efficient. I assume the plugins are monitored regularly so it's not really a huge problem, at least with my "plugin experience." If you vote the plugin doesn't work and then create a post like you did here there will be a very quick response, like this evening.

  7. Plugin closed. Ugh. Poor guy.

  8. Chandle
    Member
    Posted 2 years ago #

    Why closed?

    Just reverting to v10.1.5 and removing the author's permissions would be enough. It is a fairly good plugin!

  9. Because I don't have access to revert it. :D Closing is to stop people from upgrading for now. Someone will roll it back and up the revision tonight.

  10. Samuel Wood (Otto)
    Tech Ninja
    Posted 2 years ago #

    I will revert this and bump the version soon. In the meantime, closing it prevents further infection.

    If anybody wants to decode this and track down the perpetrator, I will do everything in my power to shut them down. I will do this anyway, but I'm currently mobile, so you might save me some time.

  11. Samuel Wood (Otto)
    Tech Ninja
    Posted 2 years ago #

    Email me any findings, btw: otto@wordpress.org. Action will be taken. (so mad right now)

  12. Decoded and sent. I'm pissed too and trying to make sure the REAL plugin author gets notified.

  13. Samuel Wood (Otto)
    Tech Ninja
    Posted 2 years ago #

    Plugin has been reverted (thanks nacin!) and the new version is clean.

  14. Andrew Nacin
    Lead Developer
    Posted 2 years ago #

    As Otto says, the new version, 10.1.8, is clean. It is an exact copy of 10.1.5, with the version number bumped to ensure upgrades.

    The user account is currently suspended until we establish the proper identity, etc.

    Probably related: http://wpdevel.wordpress.com/2012/03/27/phishing-attempts-for-wordpress-org-credentials/. Be on the lookout.

    Marking this as resolved for now.

Topic Closed

This topic has been closed to new replies.
