WordPress.org

Support

Support » Plugins and Hacks » Web Ninja Auto Tagging System » [Plugin: Web Ninja Auto Tagging System] Be careful! This plugin steals admin emails.

[Plugin: Web Ninja Auto Tagging System] Be careful! This plugin steals admin emails.

  • In this function wbats_check_updates there is such code:

    $crlf = "\r\n";
      $host = 'josh-fowler.com';
      $handle = fsockopen($host, 80, $error, $err_message, 3);
      if (!$handle) {
        if ($echo) {
          echo __('Unable to get latest version', 'wbats')." ($err_message)";
        }
      } else {
        $req = 'GET http://'.$host.'/version/wbats.php?v='.urlencode(wbatsversion)
                 . '&site='.urlencode(get_option('siteurl')).'&email='.urlencode(get_option('admin_email')).' HTTP/1.0' . $crlf
                 . 'Host: '.$host. $crlf
                 . $crlf;
        fwrite($handle, $req);
        while(!feof($handle))
          $response .= fread($handle, 1024);
        fclose($handle);

    It checks updates but also it sends your admin email to the author. In some days or weeks after installing this plugin you will get a spam email from the author, where he will promote his article rewriting service. And who knows what else he can do with your email. Sell to spammers?

    Please do not install this plugin unless you are completely sure in what you are doing.

    http://wordpress.org/extend/plugins/web-ninja-auto-tagging-system/

Viewing 2 replies - 1 through 2 (of 2 total)
Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘[Plugin: Web Ninja Auto Tagging System] Be careful! This plugin steals admin emails.’ is closed to new replies.
Skip to toolbar