I am the original author of SI CAPTCHA for WordPress. This plugin had a new owner in June 2017 with a WP user profile name “fastsecure”. The new owner attempted to put code in several of his newly acquired WordPress plugins that would connect to a 3rd party server he also owned and place spam ads for payday loans and such in the WP posts.
The new owner put spam code in versions 3.0.1 and 3.0.2 but it failed to display any spam because he put the code in the secureimage.php file. The malicious code required WordPress libraries to also be loaded to execute. The reason the spam code did not do anything at all is because the secureimage.php file is not included in the WordPress run time environment. The secureimage.php file is included from another file securimage_show.php that loads the captcha image directly from html img src outside of the WordPress run time. The spam code in this plugin was never activated, it would not have corrupted your posts or changed anything in the WordPress database.
I am sorry for any inconvenience this has caused. I never expected that this would happen. The plugin was taken off the WordPress repository by WordPress staff until this can be sorted out. Perhaps a new version will soon be published. I might be able to restore my Contributor status. In the meantime it should be advised to deactivate or uninstall the plugin.
- The topic ‘Where did the plugin go?’ is closed to new replies.