• Resolved Anastasia

    (@anastasia08)


    Dear developers of B2BKing, we were enjoying using your plugin for almost 1,5 years until June 12th, when your plugin fully corrupted our site. The admin panel became fully blocked and the anthem of another country started playing from our admin panel.
    We thought that our site was attacked by hackers and therefore deleted it from hosting and created the site again. But after installing your plugin on the newly developed site the problem appeared again – the admin panel became blocked and the anthem started playing again.
    We addressed this issue to the hosting and they scanned our site and identified that the problem was in your plugin – your plugin contained the malicious module sweetalert2 which is causing this problem:

    grep -rl sweetalert2 /var/www/u0423292/data/www/
    /var/www/u0423292/data/www/mymileo.ru/wp-content/plugins/b2bking-wholesale-for-woocommerce/admin/class-b2bking-admin.php
    /var/www/u0423292/data/www/mymileo.ru/wp-content/plugins/b2bking-wholesale-for-woocommerce/includes/assets/lib/sweetalert/sweetalert2.all.min.js

    With the help of hosting admins we deactivated your plugin and the problem stopped. So far, we cannot use your plugin right now and we have to look for another plugin to meet the needs of our store.

    I don’t know if you know about this problem but it makes us go for another plugin.

    Thank you if you reply to this.

Viewing 6 replies - 1 through 6 (of 6 total)
  • Plugin Author WebWizards

    (@webwizardsdev)

    Hello Anastasia,

    Thank you for bringing this to our attention – we were not aware of this situation.

    Sweetalert2 is a popular library used to display alerts such as the one here when approving a user: https://prnt.sc/P5O1QxwqbD2I – we recently added this to the plugin for a nicer user interface.

    It seems that the developers of this library intentionally added this behaviour as a protest related to the Russia-Ukraine conflict. While we sympathise with everyone negatively affected by the conflict, we would like to stay outside of any political matters. We will remove this behaviour from our plugin shortly.

    We will publish an update resolving this later today in the next few hours.

    We would advise that tomorrow you update the B2BKing Core and B2BKing Pro plugin if you use it to the latest versions to solve this.

    Moderator Yui

    (@fierevere)

    永子

    @webwizardsdev Yes, it is intentionally done by its author and many plugins were already affected. You have to bundle a sanitized copy or an older version (if it's still safe) without malware.
    Software (especially Free and Open Source Software) should not be the target of revenge or political things. Yet, it's Open Source, you have freedom to modify and redistribute.

    Thread Starter Anastasia

    (@anastasia08)

    Thank you so much for this kind reply! We are looking forward to resolving this problem since we were going to pay for your plugin right after this problem is solved. And so far, if this behaviour is removed, we will be happy to come back to your plugin.

    Plugin Author WebWizards

    (@webwizardsdev)

    @fierevere Thank you for your perspective on it,

    @anastasia08

    We have now updated both the Core and Pro plugin with a sanitized version of that library.

    Make sure you have these versions or higher:

    B2BKing Core: 4.6.42

    B2BKing Pro: 4.6.90

    Thread Starter Anastasia

    (@anastasia08)

    Thank you so much for this, we reinstalled B2BKing Core: 4.6.42, so far it is perfect right now, no malicious behaviour. If something appears again we will inform you.

    Your support is superb and thank you a million times!

    Have a great day!

    • This reply was modified 2 years, 8 months ago by Anastasia.
    Plugin Author WebWizards

    (@webwizardsdev)

    Glad to hear that’s working : )

    Have a nice day!


The topic ‘Plugin broke our site’ is closed to new replies.
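
The hosting provider's `grep -rl` check from the first post, extended into a small inventory script that also records a SHA-256 per bundled copy so you can confirm a plugin update really replaced the file. This is an added example, not part of the thread or of B2BKing; the function names are hypothetical and it assumes find (with -iname), grep, awk and sha256sum are installed.

```shell
#!/bin/sh
# Added example, not from the thread. Usage: sh inventory.sh PLUGINS_DIR NAME
# e.g. PLUGINS_DIR = .../wp-content/plugins, NAME = sweetalert2

# bundled_copies PLUGINS_DIR NAME
# Prints "plugin-slug<TAB>sha256<TAB>relative/path" for every .js file whose
# file name contains NAME (case-insensitive), sorted by path.
bundled_copies() {
    ( cd "$1" || exit 1
      find . -type f -iname "*$2*.js" | sed 's|^\./||' | LC_ALL=C sort |
      while IFS= read -r rel; do
          sum=$(sha256sum "$rel" | cut -d' ' -f1)
          printf '%s\t%s\t%s\n' "${rel%%/*}" "$sum" "$rel"
      done )
}

# referencing_plugins PLUGINS_DIR NAME
# Prints the slug of each plugin whose PHP or JS source mentions NAME: the
# same signal the `grep -rl` above gave, reduced to one line per plugin.
referencing_plugins() {
    ( cd "$1" || exit 1
      find . -type f \( -name '*.php' -o -name '*.js' \) \
          -exec grep -liF -- "$2" {} + |
      sed 's|^\./||; s|/.*||' | LC_ALL=C sort -u )
}

# changed_copies OLD_INVENTORY NEW_INVENTORY
# Prints paths present in both inventories whose hash differs, i.e. bundled
# copies that an update actually replaced. An unchanged hash after an
# "updated" plugin means the old library file is still on disk.
changed_copies() {
    awk -F '\t' 'NR == FNR { old[$3] = $2; next }
                 ($3 in old) && old[$3] != $2 { print $3 }' "$1" "$2"
}

# Run as a script: print the inventory for PLUGINS_DIR and NAME.
if [ "$#" -eq 2 ]; then
    bundled_copies "$1" "$2"
fi
```

Save the output of `bundled_copies` before updating, run it again afterwards, and pass both files to `changed_copies`.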