Quick Chat
security problems (8 posts)

  1. alysko
    Member
    Posted 1 year ago #

    hi,

    Malfunction at 3rd party Plugin detected!
    Name: Quick Chat | Author: Marko Martinović
    Below listed scripts has been automatically stripped because of injection:

    http://localhost/wordpress/wp-content/plugins/quick-chat/js/jquery.c00kie.js
    http://localhost/wordpress/wp-content/plugins/quick-chat/js/quick-chat-load.js

    Not good at all.

    https://wordpress.org/plugins/quick-chat/

  2. square_eyes
    Member
    Posted 1 year ago #

    Hi alysko, can you give us some context? Was this a 4th party XSS injection? Who detected it? Or is this in the source code?

    FYI I'm a user, not the developer.

  3. square_eyes
    Member
    Posted 1 year ago #

    Wordfence found the following new issues on "".

    Alert generated at Tuesday 25th of February 2014 at 10:39:37 AM

    Warnings:

    * Modified plugin file: wp-content/plugins/quick-flag/database/ip2country.db
    * Modified plugin file: wp-content/plugins/quick-flag/database/ip2country.version

  4. square_eyes
    Member
    Posted 1 year ago #

    Seemed I was on the receiving end of a brute force attack last night

    From my host...

    "I have reviewed logged data on the server and found that your site was being hit quite a bit with WordPress login requests from 213.158.82.62 today:

    [root@myhosthere /my/root]# awk '/My IP Address Here/ {print $7}' /usr/local/apache/domlogs/user/mysite.com | sort | uniq -c | sort -rn | head
    2217 /wp-login.php

    This seemed to cause some issues with the account hitting some of the resource limits we have on our shared servers."
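
Added example, not part of the original thread or the host's message: the command quoted above filters on one known IP and counts the paths it requested; the sketch below turns that around and counts POST requests to wp-login.php per client IP, so a brute-force source stands out without knowing the address first. It assumes Apache combined log format; the function names, the threshold and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: list client IPs with many login POSTs in an access log.

# Usage: login_hits_by_ip THRESHOLD < access_log
# Prints "COUNT IP" lines for IPs at or above THRESHOLD, busiest first.
login_hits_by_ip() {
    awk -v min="$1" '
        # Combined log format: $1 = client IP, $6 = "METHOD (leading quote
        # included), $7 = request path. Only POSTs are login attempts;
        # a GET just displays the form.
        $6 == "\"POST" && $7 ~ /\/wp-login\.php(\?|$)/ { hits[$1]++ }
        END {
            for (ip in hits)
                if (hits[ip] >= min) print hits[ip], ip
        }
    ' | sort -k1,1nr -k2,2
}

# Constructed sample log (documentation-range addresses, not real traffic).
sample_log() {
    cat <<'EOF'
203.0.113.7 - - [25/Feb/2014:10:39:01 +0000] "POST /wp-login.php HTTP/1.1" 200 3012 "-" "Mozilla/5.0"
203.0.113.7 - - [25/Feb/2014:10:39:02 +0000] "POST /wp-login.php HTTP/1.1" 200 3012 "-" "Mozilla/5.0"
203.0.113.7 - - [25/Feb/2014:10:39:03 +0000] "POST /wp-login.php HTTP/1.1" 200 3012 "-" "Mozilla/5.0"
203.0.113.7 - - [25/Feb/2014:10:39:04 +0000] "POST /wp-login.php HTTP/1.1" 200 3012 "-" "Mozilla/5.0"
198.51.100.20 - - [25/Feb/2014:10:40:10 +0000] "GET /wp-login.php HTTP/1.1" 200 2890 "-" "Mozilla/5.0"
198.51.100.20 - - [25/Feb/2014:10:40:25 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
192.0.2.5 - - [25/Feb/2014:10:41:00 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
EOF
}

# Stand-alone run: report IPs with 3 or more login POSTs in the sample.
sample_log | login_hits_by_ip 3
```

Against a real log, replace `sample_log |` with a redirect from the site's access log and pick a threshold that fits normal login volume.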

  5. square_eyes
    Member
    Posted 1 year ago #

    My last chat plugin brought me all sorts of grief with XSS attacks. I'd love the developer to weigh in here with his opinion. It's a great plugin, but not if it exposes my site.

  6. alysko
    Member
    Posted 1 year ago #

    Hi square_eyes,

    I don't know what a "4th party XSS injection" is :) SQL injection, ok. XSS, ok. But 4th party XSS injection...

    This message was given by Codestyling Localization.

  7. square_eyes
    Member
    Posted 1 year ago #

    I would have said third party, but that's the plugin. The attacker would be a fourth party. That's all.

  8. square_eyes
    Member
    Posted 1 year ago #

    And I concede that my issues above may not be related to the plugin. However, it happened almost immediately after I installed it. Based on my past experience, it's better to report it.

Topic Closed

This topic has been closed to new replies.