WordPress.org

Ready to get started?Download WordPress

Forums

YD Recent Posts Widget
POTENTIALLY HARMFUL!!! INSERTS SNEAKY HIDDEN LINK!!! DON'T INS (9 posts)

  1. anteck
    Member
    Posted 2 years ago #

    I cannot believe the nerve of this plugin author.

    I was just checking the source code of one of my sites, and right down the bottom, using a css class that creates HIDDEN TEXT, this plugin drops a link to the authors site!!!

    If you think that's bad - then check this out. There's a option to 'disable the footer link'. It doesn't work.

    Furthermore, the link (& source code) IS NOT SHOWN to anyone who is logged in!!!

    This plugin needs to be reported to wordpress admin and removed from the repository IMMEDIATELY.

    http://wordpress.org/extend/plugins/yd-recent-posts-widget/

  2. Lee
    Member
    Posted 2 years ago #

    what are you talking about? the disable backlink works just fine for me. I logged in and logged out and it's gone whenever I choose to disable it. Try refreshing your cache or something or maybe do some debugging before trashing a plugin and it's author and calling for it to be banned. I'm just sayin...

  3. This plugin needs to be reported to wordpress admin

    At a guess, the included timthumb.php was behind his complaint. He should feel free to send an email to pluginsATwordpress.org.

  4. Lee
    Member
    Posted 2 years ago #

    Sounds to me like what happened is that the plugin includes a version of timthumb.php that is outdated and vulnerable. And his timthumb was hacked is probably what happened. It is a simple fix by running the TimThumb Vulnerability Scanner and updating it, or manually updating it yourself.

    So instead of calling for the plugin to be reported and banned, maybe someone should kindly tell the author that he needs to include a current timthumb file with the updated version. I have a feeling it would be included, should you ask.

  5. longroad
    Member
    Posted 2 years ago #

    Unfortunately the disable link does not seem to work. Once selected and saved, it goes back to being unchecked automatically, therefore the link remains.

  6. longroad
    Member
    Posted 2 years ago #

    I'll note I disabled it using CSS, but this needs to be fixed. It actually generates a 404 error when trying to save the plugin settings. Don't know if its just me, or if this plugin is in need of an update.

  7. Samuel B
    moderator
    Posted 2 years ago #

    it says compatible to version 3.0.5

    I see the OP has 3.2.1

  8. jjung5400
    Member
    Posted 2 years ago #

    longroad - what was the css you used to disable the backlink, im stuck.
    please help!

  9. jjung5400, can you please start your own thread? It's the best way to get help for your issue.

Topic Closed

This topic has been closed to new replies.

About this Plugin

About this Topic