Support » Requests and Feedback » report plugin as potential spyware?

  • I’ve just been trying out a few plugins to do a certain task. I’ll not give names for now, but one – although I’d not heard of it before – was pretty well-rated and popular on the dot org repo. I installed it locally, activated, started going through the settings.

    About 15 mins later I noticed some email had arrived. It was an enquiry through my website contact form, someone looking for a WP dev. It went on and on, and quickly I saw that it was pretty clearly spam of some kind. But the thing that struck me was that the enquiry specifically requested that I use the plugin I had just installed.

    Now, this could be an extremely wild coincidence. But I’d never heard of the plugin before this, certainly I’d never had anyone ask me about it. And the email, as far as I can tell arrived within minutes of me installing it for the first time.

    If something in the plugin code was responsible, I imagine a human was involved somewhere. They must have taken my admin email, extracted the domain, confirmed that I’m a WP dev, found my contact form, and sent the enquiry.

    I actually can’t decide whether this or ‘coincidence’ is more improbable! I’ve looked through the code and seen nothing obvious – but there’s a lot of code. What’s the discreet way to report this in case repo admins want to have a look, just in case?

Viewing 3 replies - 1 through 3 (of 3 total)
  • Moderator Jan Dembowski

    (@jdembowski)

    Forum Moderator and Brute Squad

    Can you share which plugin?

    Edit: Plugin questions or issues like that should be reported to plugins [at] wordpress.org and it will get looked at.

    Thread Starter Steve Taylor

    (@gyrus)

    I thought I’d not say to avoid tarring a plugin’s name based on a wild coincidence! But thanks for the email, I’ll write a message.

    Moderator Jan Dembowski

    (@jdembowski)

    Forum Moderator and Brute Squad

    A sensible precaution. 😉 When you do write that email please include the details. It will help them determine if there’s really a problem or not.

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘report plugin as potential spyware?’ is closed to new replies.