Support » Plugin: Image Slider Widget » WARNING! SPYWARE INCLUDED after ownership change!!!

  • After ownership change, the plugin contains SPYWARE!
    All Visits to the Blog are sent to the plugin owners server, including visitor data!

    Although this is mentioned as “opt-in” in the latest version (this wasn’t the case before), using this is against european law in my opinion as it does not only send anonymous “analytics” data but full ip and browser of the visitor including the visited url etc.

    global $wp_version;
    	$data = array(
    		'url' => full_url($_SERVER, true),
    		'ua'  => $_SERVER['USER_AGENT'],
    		'version' => '0.0.0.2',
    		'php_version' => phpversion(),
    		'wp_version' => $wp_version,
    		'ip' => get_the_user_ip(),
    		'plugin_id' => '3jdmn',
    	);
    
    	$c = curl_init();
    
    	curl_setopt($c, CURLOPT_RETURNTRANSFER, 1);
    	curl_setopt($c, CURLOPT_TIMEOUT, 50);
    
    	// Set the options
    	curl_setopt($c, CURLOPT_URL, 'http://api.afkay.com/analytics');

    https://wordpress.org/plugins/weptile-image-slider-widget/

Viewing 6 replies - 1 through 6 (of 6 total)
  • …..ugh spent a hour looking for a plugin like this only to see this reported about it. gah!

    You can install it, then modify the main file to remove the parts of code and then be sure, not to update the plugin afterwards.
    It seems to be only this part of the plugin that is malicious.

    Good to know. They just e-mailed me wanting to buy ownership of my plugin.

    Moderator Ipstenu (Mika Epstein)

    (@ipstenu)

    🏳️‍🌈 Halfelf Rogue & Plugin Review Team Rep

    Please report issues like this to plugins AT WordPress.org

    I’ll handle this one 🙂

    I did already 🙂

    Plugin Author pmslider

    (@pmslider)

    Hey guys, I’m really sorry that you feel we’re doing something malicious. We made this opt-in and you clearly feel it’s still a negative thing.

    If you feel we’ve miss-represented any of our intentions and are afraid of EU laws, we’ll make this a lot more clear.

Viewing 6 replies - 1 through 6 (of 6 total)
  • The topic ‘WARNING! SPYWARE INCLUDED after ownership change!!!’ is closed to new replies.