Support » Plugin: Category Banner Management for Woocommerce » Possible Bug in Version 1.1.1

  • Resolved 2dogger

    (@2dogger)


    I upgraded to version 1.1.1 and a very strange spam banner ad began appearing on my site. I deleted this plugin and they went away. Not sure if they were 100% this plugin's fault, but the problem was with wbm_banner_image.

Viewing 6 replies - 1 through 6 (of 6 total)
  • Plugin Author Dotstore

    (@dots)

    Hello,

    Thanks for getting in touch with us.

    Can you please provide us with a screenshot of the issue you are facing? This is the first time we have faced this type of issue, so a screenshot will give us a clear idea of your issue and let us give you a possible solution.

    Thank You,
    Multidots.

    we removed the plugin as it is either insecure or malware.
    like other users – google wbm_banner_image to see
    our banner settings had been updated with information from the spammers. As nothing else on the server was compromised and it's the exact same image as other completely random users. The issue is going to be either – your admin code is poorly written so the spammers can inject their mysql into it, or you are acting on behalf of them

    good luck.

    Plugin Author Dotstore

    (@dots)

    Hello,

    We have resolved the issue which you are talking about. Kindly download the latest version of the plugin and please review it.

    Please let us know if you are facing the same issue.

    Thank You,
    Multidots.

    @2dogger

    “Not sure if they were 100% this plugin's fault, but the problem was with wbm_banner_image.”

    Yes, it was the plugin's fault. See: https://labs.threatpress.com/unauthenticated-settings-change-vulnerability-in-woocommerce-category-banner-management-plugin/
    There were some fixes in v1.1.1 and in the changelog the plugin author wrote about the security issues:
    = 1.1.1 – 29.05.2018 =
    * Fixed vulnerable code issue
    * Compatible with WordPress 4.9.x and WooCommerce 3.4.x

    Now the changelog is “clean”. I have no idea why the plugin author is trying to hide this problem, because (if the WordPress stats are right) nearly 40% of installations are below 1.1 and facing security issues.

    yes it was 100% the fault of the developers, who it turns out were warned and failed to act, had the plugins disabled, at which point they pushed out an update pretending to fix the issue but didn't. Just allowed more stores to get infected

    https://blog.threatpress.com/vulnerable-wordpress-plugins-multidots/

    either these guys are incompetent or left this exploit in there for commercial gain.
    In every case I am not installing their plugins again. I see farbweiss beat me to it and is better informed than me! Thanks to him for exposing these people.

    the

    (@thedotstore)

    Hello there!

    Hope you are doing well! The plugin is now updated and working fine!

    The plugin is safe to download and use, it is all up to date with the latest version. The plugin also received a positive response from the customer.

    Please download the updated version and let us know if you need any further assistance.

    Happy to help! Thanks & regards,

    thedotstore support team

  • The topic ‘Possible Bug in Version 1.1.1’ is closed to new replies.