WordPress.org

[Resolved] [Plugin: Flash MP3 Player] [PHISHING] DO NOT DOWNLOAD v10.1.7 – IT ONLY COMES WITH PHISHING FORMS!

Viewing 13 replies - 1 through 13 (of 13 total)
  • For security issues with WordPress plugins, please email the details to plugins [at] wordpress.org, including as much detail as possible.

    Done.

    Jan Dembowski
    Volunteer Mod. & Brute Squad

    @jdembowski

    Confirmed, that’s pretty evil.

    To report any plugin issues like this, please send an email to plugins AT wordpress.org (which I’ve just done).

    Edit: I’m still slow. 😉

    Btw guys, I have been using WP for years and I had to register a second ago only because I needed to report this.
    There should be a “Report phishing” button or something like that on the plugin page… we are in 2012 – such things will happen again 😉

    @jan haha. 🙂

    @chandle. In theory that sounds like a great idea. However, I think it would be overused and the “email method” would probably be more efficient. I assume the plugins are monitored regularly so it’s not really a huge problem, at least with my “plugin experience.” If you vote the plugin doesn’t work and then create a post like you did here there will be a very quick response, like this evening.

    Plugin closed. Ugh. Poor guy.

    Why closed?

    Just reverting to v10.1.5 and removing the author’s permissions would be enough. It is a fairly good plugin!

    Because I don’t have access to revert it. 😀 Closing is to stop people from upgrading for now. Someone will roll it back and up the revision tonight.

    Samuel Wood (Otto)
    WordPress.org Tech Dude

    @otto42

    I will revert this and bump the version soon. In the meantime, closing it prevents further infection.

    If anybody wants to decode this and track down the perpetrator, I will do everything in my power to shut them down. I will do this anyway, but I’m currently mobile, so you might save me some time.

    Samuel Wood (Otto)
    WordPress.org Tech Dude

    @otto42

    Email me any findings, btw: otto@wordpress.org. Action will be taken. (so mad right now)

    Decoded and sent. I’m pissed too and trying to make sure the REAL plugin author gets notified.

    Samuel Wood (Otto)
    WordPress.org Tech Dude

    @otto42

    Plugin has been reverted (thanks nacin!) and the new version is clean.

    Andrew Nacin
    Lead Developer

    @nacin

    As Otto says, the new version, 10.1.8, is clean. It is an exact copy of 10.1.5, with the version number bumped to ensure upgrades.

    The user account is currently suspended until we establish the proper identity, etc.

    Probably related: http://wpdevel.wordpress.com/2012/03/27/phishing-attempts-for-wordpress-org-credentials/. Be on the lookout.

    Marking this as resolved for now.

  • The topic ‘[Resolved] [Plugin: Flash MP3 Player] [PHISHING] DO NOT DOWNLOAD v10.1.7 – IT ONLY COMES WITH PHISHING FORMS!’ is closed to new replies.