[Add Link to Facebook] Vulnerability Discovered (3 posts)

  1. Routh
    Member
    Posted 2 years ago #

    There is some sort of vulnerability with this plugin. My site requires membership to post comments. However, over the last week I have been getting hit with spam comments. These spam comments are coming in through Add Link to Facebook's comment pingback. The comments look like they are being made on Facebook; however, there are no such comments on Facebook. These same spammers have already been blacklisted from the site, and are not on Facebook to my knowledge, yet they are able to spam my site with comments through this plugin now.

  2. Marcel Bokhorst
    Member
    Plugin Author

    Posted 2 years ago #

    What you are describing seems unlikely to me. The comment array is altered to insert comments from Facebook, but there is no outside interaction, except that this is triggered by fetching comments by WordPress itself.

    My best guess is that your site is hacked, but you'll never know. Since your vulnerability report is rather vague (also the one you have sent me using the contact form), I would like to see more details. It is good practice to not do this in public for security reasons, so please use the contact form again to answer the following questions:

    • Is comment integration enabled?
    • Was '... on Facebook' displayed?
    • Was the commenter the same one?
    • How many comments were there?
    • Can you give me the full details of a comment (name, e-mail, content, etc.)?
    • Anything else that could be relevant?

    Also send me the debug information as explained in the last question of the FAQ.

  3. Routh
    Member
    Posted 2 years ago #

    For some reason your contact form is not working for me this morning, Marcel. I have sent in the debug info twice. The second one has the message I was trying to send you on the contact form. I also have some screens of the comments for you.

Topic Closed

This topic has been closed to new replies.