Support » Plugin: Quick Chat » security problems

Viewing 7 replies - 1 through 7 (of 7 total)
  • Hi alysko, can you give us some context? Was this a 4th party XSS injection? Who detected it? Or is this in the source code?

    FYI I’m a user, not the developer.

    Wordfence found the following new issues on “”.

    Alert generated at Tuesday 25th of February 2014 at 10:39:37 AM


    * Modified plugin file: wp-content/plugins/quick-flag/database/ip2country.db
    * Modified plugin file: wp-content/plugins/quick-flag/database/ip2country.version

    Seemed I was on the receiving end of a brute fore attack last night

    From my host…

    “I have reviewed logged data on the server and found that your site was being hit quite a bit with WordPress login requests from today:

    [root@myhosthere /my/root]# awk ‘My IP Address Here/ {print $7}’ /usr/local/apache/domlogs/user/ | sort | uniq -c | sort -rn | head
    2217 /wp-login.php

    This seemed to cause some issues with the account hitting some of the resource limits we have on our shared servers.”

    My last chat plugin brought me all sorts of grief with XSS attacks. I’d love the developer to weigh in here with his opinion. It’s a great plugin, but not if it exposes my site.

    Hi square_eyes,

    I don’t known what’s a “4th party XSS injection” 🙂 SQL injection, ok. XSS, ok. But 4th party XSS injection…

    This message was given by Codestyling Localization.

    I would have said third party, but that’s the plugin. The attacker would be a fourth party. That’s all.

    And I concede, that my issues above may not be related to the plugin. However it happened almost immediately after I installed it. Based on my past experience it’s better to report it.

Viewing 7 replies - 1 through 7 (of 7 total)
  • The topic ‘security problems’ is closed to new replies.