Support » Plugin: Category Banner Management for Woocommerce » warning – SPAM SPAM

  • Resolved mattyl

    (@mattyl)


    Like others, this plugin is showing spam ads

    there must be a security hole allowing the spammers to alter the settings for the checkout, cart etc banners

    do not install until either this is fixed or this is found to be active on the part of the developers.

    there are only a couple of reports, so this may be an issue with latest version.

Viewing 5 replies - 1 through 5 (of 5 total)
  • Plugin Author Dotstore

    (@dots)

    Hello,

    Thanks for getting in touch with us.

    Can you please provide us a screenshot of the issue which you are facing. Because for the first time we have faced this type of issue. So that we get a clear idea of your issue and give you the possible solution.

    Thank You,
    Multidots.

    we removed the plugin as it is either insecure or malware.
    like other users – google wbm_banner_image to see
    our banner settings had been updated with information from the spammers. As nothing else on the server was compromised and it's the exact same image as other completely random users. The issue is going to be either – your admin code is poorly written so the spammers can inject their mysql into it, or you are acting on behalf of them

    good luck.

    Plugin Author Dotstore

    (@dots)

    Hello,

    We have resolved the issue which you are talking about. Kindly download the latest version of the plugin and please review it.

    Please let us know if you are facing the same issue.

    Thank You,
    Multidots.

    Can you please provide us a screenshot of the issue which you are facing. Because for the first time we have faced this type of issue.

    Why are you telling that this is new to you? You have been told about the security problems some time ago!
    https://blog.threatpress.com/vulnerable-wordpress-plugins-multidots/

    In the changelog of version 1.1.1 of this plugin you wrote:
    ——————————–
    = 1.1.1 – 29.05.2018 =
    * Fixed vulnerable code issue
    * Compatible with WordPress 4.9.x and WooCommerce 3.4.x
    ——————————–

    Now this info is gone in latest version 1.1.2.
    this is the “clean” changelog now…
    ——————————–
    1.1.2 – 19.06.2018
    Normal Bug Fix
    1.1.1 – 29.05.2018
    Normal Bug Fix
    ——————————–
    This does not help people! You should tell about the problems the plugin had, provide a fix and give people a chance to update to latest versions. Do not try to HIDE serious security issues! Because this only raises distrust.

    The exploit is out there and is IN USE. https://labs.threatpress.com/unauthenticated-settings-change-vulnerability-in-woocommerce-category-banner-management-plugin/

    the

    (@thedotstore)

    Hello there!

    Hope you are doing well! The plugin is now updated and working fine!

    The plugin is safe to download and use, it is all up to date with the latest version. The plugin also received a positive response from the customer.

    Please download the updated version and let us know if you need any further assistance.

    Happy to help! Thanks & regards,

    thedotstore support team

  • The topic ‘warning – SPAM SPAM’ is closed to new replies.