Security vulnerability

  • Resolved jbhphx

    (@jbhphx)


    1 year, 10 months ago

    We had malware fishing popups appearing on the site and could not track down the malware, even with a site scanner. We figured out it had to be in a plugin, and by process of elimination, it was this plugin. I looked at the reply on a couple other threads like this, and I can assure you no one with admin access to WP made this happen. It must be a needed patch. Just a heads up.

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Author Jeff Starr

    (@specialk)

    1 year, 10 months ago

    Hello,

    There are no outstanding security issues with this plugin.

    If you have a new security issue to report, please follow WordPress guidelines and report the issue privately to the vendor (2nd paragraph):

    https://make.wordpress.org/core/handbook/testing/reporting-security-vulnerabilities/

    Also I am the author of this plugin, to reach me anytime visit my contact form.

    Thank you for your understanding.

    Plugin Author Jeff Starr

    (@specialk)

    1 year, 10 months ago

    Also RE: “a couple other threads like this”:

    There were two reports from almost 3 months ago. One is a false positive, and the other was user error. Again, there are no outstanding security reports with this plugin.

    Also please understand that server-side malware can infect *any* file, including plugin files; there doesn’t have to be a vulnerability in the plugin itself. Malware can add bad scripts to any plugin, any file, anywhere on the server.

    If you think your site may have been hacked, follow this guide. When you’re done, you may want to implement some (if not all) of WordPress’ recommended security measures, and learn more about site backups.

    I hope this helps, let me know if I can provide any further information.

Viewing 2 replies - 1 through 2 (of 2 total)

The topic ‘Security vulnerability’ is closed to new replies.