WordPress.org

Ready to get started?Download WordPress

Forums

Social Sharing Toolkit
Malware - Social Sharing toolkit (13 posts)

  1. stuartlcrawford
    Member
    Posted 2 years ago #

    The social sharing toolkit plugin has installed malware twice now (I doublechecked) and was forced to use the Sucuri service to remove the backdoor exploit. Not Recommended.

    http://wordpress.org/extend/plugins/social-sharing-toolkit/

  2. fpmsummer
    Member
    Posted 2 years ago #

    What version scanned as malware for you? I'm still using 2.0.4 on a couple of sites, and was just about to download this update when I saw your message. Those sites still using 2.0.4 scanned clean for me just now.

  3. stuartlcrawford
    Member
    Posted 2 years ago #

    The most recent I believe (removed it instantly so can't check). Still left my blog as an 'internal error' after messing up the W8 cache plugin. http://inkbotdesign.com/blog/

  4. fpmsummer
    Member
    Posted 2 years ago #

    It looks like he just released version 2.0.7 sometime within the past few hours... I'll check to see if that one is clean.

  5. fpmsummer
    Member
    Posted 2 years ago #

    I upgraded one of my sites to version 2.0.7, then scanned it, and Sucuri verified it as clean. I only have Facebook Share, Google+ and StumbleUpon activated on that particular site, if that helps.

  6. stuartlcrawford
    Member
    Posted 2 years ago #

    Thank you. Really don't know what happened because installing the plugin was the only change in the last 48 hours, so I'm pretty sure it came from it. Just hope others don't get the same problem - I've only really managed to fix it now (after around 2 hours of fiddling).

  7. fpmsummer
    Member
    Posted 2 years ago #

    There was a note in the forums saying that there was phishing attack aimed at plugin developers, trying to gain access to their repositories, but they said they'd removed any affected plugins for the time being... and this one never seemed to be pulled offline.

    Just to be sure, you should also check with your webhost and make sure there wasn't some cross-scripting attack on their servers that might have hit your site.

    Also give your database a cursory once-over. There was a cross-scripting attack a few years ago that I thought I'd cleaned up, but they'd managed to insert hidden WP user accounts in a couple of my sites that I didn't find until a couple weeks after the first cleaning.

  8. stuartlcrawford
    Member
    Posted 2 years ago #

    wow didn't think that of that! I've mentioned it to the ISP already - waiting on a response ;)

    Thanks again for your help

  9. dmx09
    Member
    Posted 2 years ago #

    Hi there, sorry to jump on this thread but having installed a malware plugin (6scan) following some recent issues its flagging up a potential problem with the Social Sharing Toolkit plugin.

    This is the fix its suggesting:

    Go to your Social Sharing Toolkit directory
    Backup the googleplus.js.php file
    Open it for editing
    Find the line that containts the next code: if (isset($_GET['lang'])) {
    Add the next code lines after it:
    $_GET[ 'lang' ] = htmlspecialchars( $_GET[ 'lang' ] , ENT_QUOTES );

    Make sense to anyone!? :-)

  10. pcland
    Member
    Posted 2 years ago #

    would be interested to hear from the developer on this...

  11. pronoiac
    Member
    Posted 1 year ago #

    As of version 3.0.8 of the plugin, googleplus.js.php doesn't contain htmlspecialchars.

  12. pcland
    Member
    Posted 1 year ago #

    awesome, thx :)

  13. GuruOnline
    Member
    Posted 1 year ago #

    But the plugin is only on version 2.1.1

Topic Closed

This topic has been closed to new replies.

About this Plugin

About this Topic