Support » Plugin: Pop-up » Dont try, fake and code injection method

Dont try, fake and code injection method

  • sibijohny45

    (@sibijohny45)


    8 months, 2 weeks ago

    I tested this plugin, its says its free, i tried to inject code to my site… then i understood if they want they can inject any malicious code to your website by using this plugin… you are clicking launch code on external website, and this plugin will upload a a code to your website based on email address registered on both site. so if you are using sensitive website dont even try this plugin

Viewing 5 replies - 1 through 5 (of 5 total)
  • Plugin Author Nick

    (@d4d5bh6)

    8 months, 2 weeks ago

    Thank you for your feedback @sibijohny45, however what our plugin does is market standard and safe.

    In order for the pop-ups to show, a snippet of code needs to be placed on your website. The main purpose of the plugin is that you don’t have to do it manually, but a plugin does it for you.

    A similar approach is used by many other “Software as a Service” software (live-chats etc.) which simply require a connection to a third party endpoint. It’s also similar to what any CDN does.

    As it’s very much standard (and safe), it’s also explicitly permitted in the plugin guidelines (https://developer.wordpress.org/plugins/wordpress-org/detailed-plugin-guidelines/#6-software-as-a-service-is-permitted).

    Could you please let me know if I could clear up your concerns with my reply? We take privacy & security very seriously and would like to ensure that everybody can use our plugins with a peace of mind 🙂 Thank you!

    Plugin Support mixha

    (@mixha)

    8 months ago

    Hello @sibijohny45 ,

    Did you have the moment to check out Nick’s explanation regarding your concern with the popup code insertion? Inserting anything else than the specified code would pretty much be the end for any commercial product, I don’t think there is a company in the world that would afford such a move? 🙂

    Kind regards

    Thread Starter sibijohny45

    (@sibijohny45)

    8 months ago

    i understood many other plugins do the same. But it is possible to take over the website by using this method isn’t it? That means it’s not safe. Well other plugins use the same approach doesnt mean you need to follow the same approach.. .. Also, CDN , some low end CDN providers do that , but actually professional CDN uses a different approach.,

    Plugin Author Nick

    (@d4d5bh6)

    7 months, 2 weeks ago

    Thanks @sibijohny45, I understand your fears, however it’s market practice and it’s safe.

    Basically every service which shows content on other sites via embedding of codes works this way. For example, take Youtube: there you are also given a code which you can embed on your site, to show the video. Youtube could – in theory – suddenly start to show different content than the one you placed, but it’s just not going to happen.

    It’s the same with us – we already have too much to lose to do dodgy things like that. See all of our projects on https://inisev.com.

    Please let me know if that alleviates your concerns. Thank you!

    Plugin Author Nick

    (@d4d5bh6)

    6 months, 3 weeks ago

    Could you please respond @sibijohny45? If any doubts remain, happy to clear them up! Thank you 🙂

Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘Dont try, fake and code injection method’ is closed to new replies.

Views