Hi,
thank you for letting me know. Yes, the last update fixed this; you need to clear your cache and update to the latest version. As I mentioned in the changelog, I asked a friend of mine to review the code and he gave me a full report. You can look at the wp_options table for leftovers, and if you don’t find anything then you should be okay.
Sorry for the inconvenience and, again, thank you for letting me know.
Hi,
The other admin here. Unfortunately the addition of the GEO Location made the software vulnerable to an exploit if used in conjunction with other popular plugins.
The latest update fixed and sanitised the vulnerability. A simple empty of the cache & clearing of the wp_options table (if affected) should remove that post.
Again I apologise. But this should fix it. We estimate only around 100 or so sites to be compromised.
Thanks
DW
You ESTIMATE? On what basis do you estimate? Just a random number out of what?
Sorry to say that but I’m done with you and this plugin. Since you develop this plugin things got worse. I’m the first donating for a good solution but for some reason you just fucked it up. Best would be to simply bring back the 2.05 version and leave it as is.
@displaywidget account has been blocked (banned) so he won’t be able to respond here anymore.
Display Widget users should remove all 2.6.* versions of this plugin. The only safe version is v2.05; see https://wordpress.org/support/topic/display-widgets-plugin-v2-6-3-1-includes-hacking-code/
Hi, I’m the plugin team rep.
Please understand, we have a policy of NOT publicly disclosing all the details of closures like this for a few reasons, least of which being I’m opposed to public shaming. I don’t think it helps anyone. However in the interests of getting people to stop being mean to everyone, here’s the situation.
The plugin was closed and the developer censured due to repeated guideline violations. We ALWAYS lean towards trusting the good nature of humans, explaining where they messed up, and giving them a chance to correct behavior. When that doesn’t happen, plugins are removed and developers removed/banned.
I’m sorry that this went on so long. Some of this was actually a case of confusion as to what the guidelines meant. You don’t have to believe that, but as I’m the one who had the conversation, I do feel it was. I talk to people a LOT about this stuff, and it’s easy to get confused. That said, following those conversations, the developer added in backlinks and worse. That’s not excusable. The plugin has been removed.
We have not yet decided what the next best course of action is. We MAY hand the plugin over to a new developer. We may not. The plugin team is discussing this right now. Given the history of the plugin being sullied as it was, it’s really much of a lost cause. There cannot be trust in this plugin anymore, and I’m sorry for that.
I’m going through and closing posts about this. There’s little point in people going around and slamming others about this. Remember: people can be mean, but you don’t have to be.