WordPress.org

Ready to get started?Download WordPress

Forums

Web Ninja Auto Tagging System
Be careful! This plugin steals admin emails. (3 posts)

  1. Artprima
    Member
    Posted 2 years ago #

    In this function wbats_check_updates there is such code:

    $crlf = "\r\n";
      $host = 'josh-fowler.com';
      $handle = fsockopen($host, 80, $error, $err_message, 3);
      if (!$handle) {
        if ($echo) {
          echo __('Unable to get latest version', 'wbats')." ($err_message)";
        }
      } else {
        $req = 'GET http://'.$host.'/version/wbats.php?v='.urlencode(wbatsversion)
                 . '&site='.urlencode(get_option('siteurl')).'&email='.urlencode(get_option('admin_email')).' HTTP/1.0' . $crlf
                 . 'Host: '.$host. $crlf
                 . $crlf;
        fwrite($handle, $req);
        while(!feof($handle))
          $response .= fread($handle, 1024);
        fclose($handle);

    It checks updates but also it sends your admin email to the author. In some days or weeks after installing this plugin you will get a spam email from the author, where he will promote his article rewriting service. And who knows what else he can do with your email. Sell to spammers?

    Please do not install this plugin unless you are completely sure in what you are doing.

    http://wordpress.org/extend/plugins/web-ninja-auto-tagging-system/

  2. mmbee888
    Member
    Posted 2 years ago #

    thanks for the info.

  3. Mark (podz)
    Support Maven
    Posted 2 years ago #

    Thanks - the plugin has been removed.

Topic Closed

This topic has been closed to new replies.

About this Plugin

About this Topic