• Plugin has explicitly used its own Google Analytics code, which is sending data to the plugin author’s account for any site that’s using this plugin.

    <script type="text/javascript">
      var _gaq = _gaq || [];
      _gaq.push(['_setAccount', 'UA-38371699-1']);
      _gaq.push(['_trackPageview']);
      (function() {
        var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.async = true;
        ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js';
        var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s);
      })();
    </script>

    This is written even before any headers are sent, and will cause errors on many sites as well.

    https://wordpress.org/plugins/kofthitscounter/

  • The topic ‘Security concern, inappropriate code’ is closed to new replies.
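
One way a site owner could check rendered pages for the behaviour reported above, as an added example that is not part of the original post or the plugin: it flags analytics IDs missing from the owner's allowlist and tracking script output that precedes the doctype. `auditAnalytics`, `SITE_IDS` and the sample page are constructed for illustration, and `UA-00000000-1` is a placeholder for the site's own ID.

```javascript
// Added example: audit rendered HTML for analytics IDs the site owner did not configure.
// Covers legacy ga.js (_setAccount), analytics.js (ga('create')) and gtag('config').
const ID_PATTERNS = [
  /_setAccount['"]\s*,\s*['"](UA-\d+-\d+)['"]/g,
  /ga\(\s*['"]create['"]\s*,\s*['"](UA-\d+-\d+)['"]/g,
  /gtag\(\s*['"]config['"]\s*,\s*['"]((?:UA-\d+-\d+)|(?:G-[A-Z0-9]+))['"]/g,
];

function auditAnalytics(html, allowedIds) {
  const allowed = new Set(allowedIds);
  // Offset where the real document starts; -1 if the page has no doctype/html tag.
  const documentStart = html.search(/<!doctype|<html/i);
  const findings = [];
  for (const pattern of ID_PATTERNS) {
    for (const m of html.matchAll(pattern)) {
      findings.push({
        id: m[1],
        offset: m.index,
        // Data goes to an account the site owner does not control.
        unauthorized: !allowed.has(m[1]),
        // Markup ahead of the doctype means something echoed output too early.
        beforeDocument: documentStart === -1 || m.index < documentStart,
      });
    }
  }
  return findings.sort((a, b) => a.offset - b.offset);
}

// Constructed sample: the snippet from the post emitted ahead of the page,
// followed by the site's own (placeholder) tracking code inside <head>.
const SAMPLE_PAGE = [
  '<script type="text/javascript">',
  "  var _gaq = _gaq || [];",
  "  _gaq.push(['_setAccount', 'UA-38371699-1']);",
  "</script>",
  "<!DOCTYPE html>",
  "<html><head>",
  "<script>ga('create', 'UA-00000000-1', 'auto');</script>",
  "</head><body></body></html>",
].join("\n");

const SITE_IDS = ["UA-00000000-1"]; // hypothetical allowlist of the owner's IDs

for (const f of auditAnalytics(SAMPLE_PAGE, SITE_IDS)) {
  const flags = [f.unauthorized && "not on allowlist", f.beforeDocument && "before doctype"];
  console.log(f.id, flags.filter(Boolean).join(", ") || "ok");
}
```

Run it against the saved HTML of a few front-end pages after activating a plugin; any ID reported as not on the allowlist is traffic data leaving the site for someone else's account.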