WordPress.org

Ready to get started?Download WordPress

Forums

flickr-slideshow-wrapper
[resolved] [closed] This plug-in can be hacked (8 posts)

  1. Christopher Skyi
    Member
    Posted 2 years ago #

    Security Advisement: This plug-in can be hacked.

    Website Defender identified hacked file:

    Threat details
    Filename ***/wp-content/plugins/flickr-slideshow-wrapper/nav-h.php
    Description Suspicious PHP Code
    Pattern detection \x66

    http://wordpress.org/extend/plugins/flickr-slideshow-wrapper/

  2. Christopher Skyi
    Member
    Posted 2 years ago #

    Forgot. The hack results in download attempts of "Exploit javascript obfuscation 1494" whenever one went to a page where this plug-in was used:

    http://www.avgthreatlabs.com/webthreats/info/javascript-obfuscation/

  3. Jeannot Muller
    Member
    Posted 1 year ago #

    Did you even look at the source code? The plugin is not using anything you are mentioning here but standard function of flickr API.

  4. Christopher Skyi
    Member
    Posted 1 year ago #

    "Did you even look at the source code? The plugin is not using anything you are mentioning here but standard function of flickr API."

    Take it up with websitedefender.com, not me. They're the ones who called the plug-in out as a high security risk for wordpress.

  5. Jeannot Muller
    Member
    Posted 1 year ago #

    Nope, I'm following up with you, as the plugin doesn't contain any file /nav-h.php. It never had and it never will. I don't know what you did when running the test, but it is not part of the plugin.

  6. Christopher Skyi
    Member
    Posted 1 year ago #

    It's possible that hackers, once they break into the site, could see this plug-in as a good opportunity to further their attack by modifying it. Why not take the information I've given you and contact websitedefender or some other security expert? It can only make your plug-in better

  7. Jeannot Muller
    Member
    Posted 1 year ago #

    Are you an affiliate of them? Obviously ... they don't find any issues on my site, nor does google ban me for malware for over 10 years.

    Can you please click on this topic being resolved.

  8. Samuel Wood (Otto)
    Tech Ninja
    Posted 1 year ago #

    This plugin does not contain a "nav-h.php" file. The "Website Defender" is mistaken.

Topic Closed

This topic has been closed to new replies.

About this Plugin

About this Topic