WordPress.org

Ready to get started?Download WordPress

Forums

Advanced Search
[resolved] The "Advanced Search" plugin is malware (4 posts)

  1. Andrew Nacin
    Lead Developer
    Posted 1 year ago #

    Hello,

    WordPress.org has identified the Advanced Search plugin to be malware. (http://wordpress.org/extend/plugins/advanced-search-plugin/) It is safe to update to the final version of this plugin (version 3.0). We strongly suggest you either update to this version or delete the plugin.

    We rejected the plugin when it was submitted to the WordPress.org plugin directory. However, it seems the same code was offered for download elsewhere, which has resulted in sites infected with spam.

  2. xcaballe
    Member
    Posted 1 year ago #

    I'm using a different plugin

    /*
    Plugin Name: Advanced Search
    Plugin URI: http://www.zirona.com/software/wordpress-advanced-search/
    Description: This plugin provides a powerful and versatile site search for your WordPress installation. It uses MySQL's advanced search functionalities. It also features search term highlighting.
    Author: Alex Günsche
    Version: 2.0
    Author URI: http://www.zirona.com/
    */

    today WP reports it is not safe to running it and points to this page. Is this right?

  3. Steve Taylor
    Member
    Posted 1 year ago #

    I'm using the Zirona plugin too. The more I look at this, the more it looks like there's been some confusion here.

    The current version on zirona.com is 2.0. At http://wordpress.org/extend/plugins/advanced-search-plugin/ it says:

    It is safe to update to the final version of this plugin (version 3.0). We strongly suggest you either update to this version or delete the plugin.

    The link offered downloads a plugin that has nothing in it apart from a warning that the plugin isn't safe!

    As far as I can tell the malware plugin here either (1) has nothing to do with the Zirona version, or (2) is a malicious fork of the Zirona plugin. Either way, if you have the Zirona plugin installed your plugin page tells you there's an upgrade available, which downloads the empty plugin with the warning.

    While I'm pretty sure there's been a mix-up here, it's hard to be sure, and with malware involved, what choice is there but to err on the safe side and revert to the standard WP search?

    (Another topic, but really, if the WP core search improved even a little bit, we wouldn't be having this discussion ;-)

  4. Jobjörn Folkesson
    Member
    Posted 1 year ago #

    So I have a custom-built (by myself) plugin providing an advanced search interface for my recipe blog. Lacking imagination it is named "advanced-search".

    Now you've deleted it. Not nice.

Topic Closed

This topic has been closed to new replies.

About this Plugin

About this Topic