WordPress.org

Support

Support » Plugins and Hacks » [Plugin: YD Recent Posts Widget] POTENTIALLY HARMFUL!!! INSERTS SNEAKY HIDDEN LINK!!! DON'T INS

[Plugin: YD Recent Posts Widget] POTENTIALLY HARMFUL!!! INSERTS SNEAKY HIDDEN LINK!!! DON'T INS

  • I cannot believe the nerve of this plugin author.

    I was just checking the source code of one of my sites, and right down the bottom, using a css class that creates HIDDEN TEXT, this plugin drops a link to the authors site!!!

    If you think that’s bad – then check this out. There’s a option to ‘disable the footer link’. It doesn’t work.

    Furthermore, the link (& source code) IS NOT SHOWN to anyone who is logged in!!!

    This plugin needs to be reported to wordpress admin and removed from the repository IMMEDIATELY.

    http://wordpress.org/extend/plugins/yd-recent-posts-widget/

Viewing 8 replies - 1 through 8 (of 8 total)
  • Lee

    @romanempiredesign

    what are you talking about? the disable backlink works just fine for me. I logged in and logged out and it’s gone whenever I choose to disable it. Try refreshing your cache or something or maybe do some debugging before trashing a plugin and it’s author and calling for it to be banned. I’m just sayin…

    Moderator Jan Dembowski

    @jdembowski

    This plugin needs to be reported to wordpress admin

    At a guess, the included timthumb.php was behind his complaint. He should feel free to send an email to pluginsATwordpress.org.

    Lee

    @romanempiredesign

    Sounds to me like what happened is that the plugin includes a version of timthumb.php that is outdated and vulnerable. And his timthumb was hacked is probably what happened. It is a simple fix by running the TimThumb Vulnerability Scanner and updating it, or manually updating it yourself.

    So instead of calling for the plugin to be reported and banned, maybe someone should kindly tell the author that he needs to include a current timthumb file with the updated version. I have a feeling it would be included, should you ask.

    Unfortunately the disable link does not seem to work. Once selected and saved, it goes back to being unchecked automatically, therefore the link remains.

    I’ll note I disabled it using CSS, but this needs to be fixed. It actually generates a 404 error when trying to save the plugin settings. Don’t know if its just me, or if this plugin is in need of an update.

    it says compatible to version 3.0.5

    I see the OP has 3.2.1

    longroad – what was the css you used to disable the backlink, im stuck.
    please help!

    Moderator Jan Dembowski

    @jdembowski

    jjung5400, can you please start your own thread? It’s the best way to get help for your issue.

Viewing 8 replies - 1 through 8 (of 8 total)
  • The topic ‘[Plugin: YD Recent Posts Widget] POTENTIALLY HARMFUL!!! INSERTS SNEAKY HIDDEN LINK!!! DON'T INS’ is closed to new replies.