Suspected malware URL in readme.txt | WordPress.org

Jamas
(@jamas)

9 years, 6 months ago

Just highlighting this, probably worth cleaning up the URL listed below. To other readers this is not a security issue with this plugin.

As reported by Wordfence:

This file contains a suspected malware URL listed on Google’s list of malware sites. Wordfence decodes base64 when scanning files so the URL may not be visible if you view this file. The URL is: http://www.designcontest.com/) – More info available at Google Safe Browsing diagnostic page.

https://wordpress.org/plugins/wp-super-cache/

Viewing 3 replies - 1 through 3 (of 3 total)

TVoltz
(@tvoltz)

9 years, 6 months ago

I received the same message from WordFence. I fixed the problem and deleted the plugin until I could learn more.
Adam Walter
(@adamwalter)

9 years, 6 months ago
It looks like one of the plugin translators has the URL for designcontest.com alongside their credit in readme.txt. Doing a quick Google search, that site may have been hacked years ago. Perhaps it’s on a blacklist somewhere that Wordfence uses.

The offending section of readme.txt:
```
Translators who did a great job converting the text of the plugin to their native language. Thank you!
...
* [Alexander Alexandrov](http://www.designcontest.com/) (Belarusian)
```
I’ve deleted the readme as a precaution, but there’s no malicious code that I’ve discovered.
TVoltz
(@tvoltz)

9 years, 6 months ago

WordFence said it was on a Google Blacklist, but I just checked and it must not be any longer. Thanks for the feedback.

Viewing 3 replies - 1 through 3 (of 3 total)

The topic ‘Suspected malware URL in readme.txt’ is closed to new replies.

In: Plugins
3 replies
3 participants
Last reply from: TVoltz
Last activity: 9 years, 6 months ago
Status: not resolved