Title: Security vulnerability Last modified: July 6, 2024 --- # Security vulnerability * Resolved [jbhphx](https://wordpress.org/support/users/jbhphx/) * (@jbhphx) * [1 year, 10 months ago](https://wordpress.org/support/topic/security-vulnerability-143/) * We had malware fishing popups appearing on the site and could not track down the malware, even with a site scanner. We figured out it had to be in a plugin, and by process of elimination, it was this plugin. I looked at the reply on a couple other threads like this, and I can assure you no one with admin access to WP made this happen. It must be a needed patch. Just a heads up. Viewing 2 replies - 1 through 2 (of 2 total) * Plugin Author [Jeff Starr](https://wordpress.org/support/users/specialk/) * (@specialk) * [1 year, 10 months ago](https://wordpress.org/support/topic/security-vulnerability-143/#post-17872199) * Hello, * There are no outstanding security issues with this plugin. * If you have a new security issue to report, please follow WordPress guidelines and report the issue privately to the vendor (2nd paragraph): * [https://make.wordpress.org/core/handbook/testing/reporting-security-vulnerabilities/](https://make.wordpress.org/core/handbook/testing/reporting-security-vulnerabilities/) * Also I am the author of this plugin, to reach me anytime visit my [contact form](https://plugin-planet.com/support/#contact). * Thank you for your understanding. * Plugin Author [Jeff Starr](https://wordpress.org/support/users/specialk/) * (@specialk) * [1 year, 10 months ago](https://wordpress.org/support/topic/security-vulnerability-143/#post-17872206) * Also RE: “a couple other threads like this”: * There were two reports from almost 3 months ago. One is a false positive, and the other was user error. Again, there are no outstanding security reports with this plugin. * Also please understand that server-side malware can infect *any* file, including plugin files; there doesn’t have to be a vulnerability in the plugin itself. Malware can add bad scripts to any plugin, any file, anywhere on the server. * If you think your site may have been hacked, follow [this guide](https://wordpress.org/support/article/faq-my-site-was-hacked/). When you’re done, you may want to implement some (if not all) of WordPress’ recommended [security measures](https://developer.wordpress.org/advanced-administration/security/hardening/), and learn more about [site backups](https://developer.wordpress.org/advanced-administration/security/backup/). * I hope this helps, let me know if I can provide any further information. Viewing 2 replies - 1 through 2 (of 2 total) The topic ‘Security vulnerability’ is closed to new replies. * ![](https://ps.w.org/ga-google-analytics/assets/icon-256x256.png?rev=2053004) * [GA Google Analytics – Connect Google Analytics to WordPress](https://wordpress.org/plugins/ga-google-analytics/) * [Frequently Asked Questions](https://wordpress.org/plugins/ga-google-analytics/#faq) * [Support Threads](https://wordpress.org/support/plugin/ga-google-analytics/) * [Active Topics](https://wordpress.org/support/plugin/ga-google-analytics/active/) * [Unresolved Topics](https://wordpress.org/support/plugin/ga-google-analytics/unresolved/) * [Reviews](https://wordpress.org/support/plugin/ga-google-analytics/reviews/) * 4 replies * 2 participants * Last reply from: [Jeff Starr](https://wordpress.org/support/users/specialk/) * Last activity: [1 year, 10 months ago](https://wordpress.org/support/topic/security-vulnerability-143/#post-17872206) * Status: resolved