Support » Plugin: YUZO » DO NOT USE. Plugin sending PERSONAL data to author.

  • Edit to review:
    After careful inspection of the plugin code, the author put in code to send your name, admin email, blog URL, list of your themes, ip address, country, region, latitude, longitude, all the plugins activated on your site, and more.

    Look at the function in pf_global_update_option() in functions/helper.php. It first gets your ip and location by going to “‘h|t|t|p|:||/||/|e||x|t||r|e|m|e||-|i|p||-|l|o|o|||k|u|p|.||c|o|m||/|j|s|o||n|/|’)”. The code will automatically replace the ‘|’ with blank spaces.

    It then sends all your data to “str_replace(“-“, “”, “h—–t-t—-p—s—:—/–/—-l—-e—-n–i–n–z—–a—p—a–t—a—.—c—o–m——-/–r—e–a—c—-t—i—v—e—.—p—h—p—?—e-m——a–i—l-=”)”. After the code replaces all the ‘-‘ with blank spaces this resolves to the author’s own website which takes in everything and stores it. The author purposes added these characters to these links someone couldn’t easily find a URL using a simple search.

    Please report this author to WordPress.

    • This topic was modified 2 months, 3 weeks ago by codevolts.
Viewing 6 replies - 1 through 6 (of 6 total)
  • Plugin Contributor Lenin Zapata ☄

    (@ilenstudio)

    Hello, the code was an old function, it has been removed simply.

    How could it have been removed when I installed the plugin 1 hour ago?

    Moderator Ipstenu (Mika Epstein)

    (@ipstenu)

    🏳️‍🌈 Plugin Review Team Rep

    @codevolts In the future, please report these directly to the plugins team – plugins@wordpress.org The code absolutely has been removed in the newest version. Thank you for your attention!

    Plugin Contributor Lenin Zapata ☄

    (@ilenstudio)

    Thanks @ipstenu

    Thanks @ipstenu, I’m going to make sure that people like @codevolts don’t use this plugin. He is a plugin author who is masked in another user who created a fake account just to write things that happened in the past.

    Here imgur screenshot to prove this code existed, and he just changed his code to remove it.
    https://imgur.com/a/Mvn9ZlB

    Bro. You just modified your code 55 minutes ago to remove the function and now you claim its “old”. I literally just downloaded your plugin a few hours ago and made this review to tell people this data collection code existed.

    You may fool people but you know for sure what you did.

    • This reply was modified 2 months, 3 weeks ago by codevolts.
    Moderator Samuel Wood (Otto)

    (@otto42)

    WordPress.org Admin

    @ilenstudio Do not attack others with such accusations on these forums if you wish to continue using them, or to be hosted here.

Viewing 6 replies - 1 through 6 (of 6 total)
  • You must be logged in to reply to this review.