WordPress.org

Ready to get started?Download WordPress

Forums

Slick Social Share Buttons - SQL Injection Attack (9 posts)

  1. The Living Guru
    Member
    Posted 1 year ago #

    Hi there I have been using WordPress for slightly over a year, but I'm still new and have no technical training background. So please bear with me and use layman's language when explaining to me.

    I just installed the Slick Social Share Buttons but I could not activate it nor delete the plugin.

    When I click on activate or delete, I will be led to my domain which uses the default theme (twenty eleven 1.3)

    At the same time, I got an email from WordPress Firewall informing me via email that this Slick Social Share Buttons may contain dangerous content, and This plugin may be a "WordPress-Specific SQL Injection Attack."

    Questions:

    1. What happened? Why can't I activate nor delete plugin?
    2. Are there any real security risks?
    3. What is SQL injection attack? Sounds scary to me and hence I am anxious to remove this plugin.
    4. What should I do?

    Please explain to me in layman's terms and what I should do. My first option is to delete this plugin before understanding whether there is a real risk.

    Thank you.
    Regards
    Scott

  2. remix4
    Member
    Posted 1 year ago #

    Hi,

    1. This may be aa problem either with WordPress or another plugin. There shouldnt be any errors with the buttons plugin that would cause this.

    2. No - this is a false warning generated by the overly sensitive firewall plugin. Just add the plugin to the firewalls whitelist

    3. Check internet for explanation but as per point 2 this plugin is not a security risk.

  3. remix4
    Member
    Posted 1 year ago #

    Also next time I would appreciate not including my name in the title with such a "warning". My name isnt used as the author of the plugin on this site so why would you want to be so blatant?

  4. The Living Guru
    Member
    Posted 1 year ago #

    Thanks for the reply remix4.

    Please let me clarify.

    First, my blog has was alright until I installed this plugin. I received non-stop firewall email warnings after I installed this plugin.

    Second, the firewall warnings specifically mentioned this plugin. I have more than 15 plugins in my blog.

    Third, the plugin could NEITHER be activated NOR deleted in WordPress. Why would that be the case?

    I appreciate your response and suggestion to whitelist it, but it doesn't remove the fact that the plugin cannot be activated nor deleted, and that's scary, while I repeated receive warnings.

    If anyone were to be in my shoes, they would feel the same concern.

    Separately, I consulted other experts who suggested I deleted the plugin through Filezilla to access my host files, and since deleting, the non stop string of attack notifications have stopped.

    Are you able to shed any light on this? I am not technical and so appreciate guidance on this matter, in case other plugins cause similar situations in future.

    Thanks and appreciate your views.

  5. remix4
    Member
    Posted 1 year ago #

    As I mentioned the alerts are caused by an overly sensitive firewall plugin. Until it is added to the whitelist it will continue to produce these alerts.

    You can go ahead and just delete the plugin folder via FTP and this will automatically remove the plugin.

  6. The Living Guru
    Member
    Posted 1 year ago #

    Thank you for the response.

    As I also mentioned, the plugin could not be Activated NOR Deleted.

    That's why it was worrying. It was sitting there, whilst the notifications came flying in.

    What might be the reason as to why this specific plugin could not be activated nor deleted in the wordpress backend/dashboard?

    Thanks for reading.

  7. remix4
    Member
    Posted 1 year ago #

    See item 1 in original reply

  8. The Living Guru
    Member
    Posted 1 year ago #

    Thank you for the prompt response.

    As mentioned earlier there are more than 15 plugins in my blog.

    And only this particular plugin, upon being installed, could not be activated nor deleted. In addition, all the security warnings point specifically to this plugin. And only when this plugin was removed did the security warnings stop.

    I am curious what really happened. If it was due to other plugins, what might be the reason. I am concerned that if it was indeed due to other existing plugins, then the problem still exists even if I have deleted the said plugin.

    Pardon my ignorance as I am new and not technical, and may be asking the obvious to some of you.

    Regards

  9. remix4
    Member
    Posted 1 year ago #

    I've just installed WordPress Firewall on a test site and it prevents the social share buttons plugin for being deactivated - so the problem is caused by interference from the Firewall plugin

Topic Closed

This topic has been closed to new replies.

About this Topic