ashes00
Forum Replies Created
-
Author David looks to by busy coding with AI
https://www.linkedin.com/feed/update/urn:li:activity:7318691441113772033/WOW! Yes thats HUGE red flag. Anyone still using this plugin should run, not walk, and purge this plugin from their WP installations immediately. It sounds like the author’s systems have been compromised.
And just like that; All WP sites under out control have been moved over to a better replacement below.
https://wordpress.org/plugins/wp-sitemap-page/
I can not believe that some people pay for a pro license, and this is how they are treated. Best of luck author!
I’ve reached out to the author, and no response. Tomorrow we will be moving away to a simpler, and in my opinion a better site map solution. Check out the plugin below. Its still being maintained with over 300K installations, and offer just a basic HTML site-map. If you need XML site-map then its not for you.
Additional Information since my last post must have been deleted!
https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/simple-sitemap/simple-sitemap-create-a-responsive-html-sitemap-3514-missing-authorizationWe have been forced to deactivate this plugin on all of our customer’s sites. On 04/29 if there is no fix we will be forced to delete, and replace with a competing plugin that is secure.
Author PLEASE communicate with your users. Silence is the worst path here. Thank you
Ash,
Forum: Plugins
In reply to: [Mailgun for WordPress] Plugin Closed?Good to know the as the slug is never released. Hopefully that stays the policy!
Forum: Plugins
In reply to: [Mailgun for WordPress] Plugin Closed?Wordfence reports on closed Plugins as a means to alert of possibly abandoned plugins that can be hijacked by a 3rd party, and used for malicious purposes. This is an extremely useful security feature. Wordfence also reports when a plugin has a known CVE which is another extremely useful function. It would still be nice for the authors to provide some sort of calming communication. I’m hoping it was closed for a missed bounced email, and not something worse.
Forum: Plugins
In reply to: [Mailgun for WordPress] Plugin Closed?I’m giving them 48 hours from initial discovery to respond here or on X with something meaningful. If not, then we must assume the worst from an OpSec perspective. We will have to disable, and move the SMTP plugin functionality to Fluent-SMTP. Next will be moving to a new Transactional Email Provider such as Amazon SES, SendGrid, Postmark, etc. All of this could be avoided if MailGun would just communicate in a meaningful way to its users. Talk about shooting yourself in the foot.
https://wordpress.org/plugins/fluent-smtp/@mailgun, @sivel, @lookaheadio, @alanfuller, @m35dev any idea whats going on?
I can confirm the upgrade works. I have enabled the plugin again.
@dgwyer thank you for patching this plugin.
I can confirm the upgrade works. I have enabled the plugin again.
@dgwyer thank you for patching this plugin.
Tried to update, and it failed.
WordPress error: Update failed: Download failed. Not Found
I’ll try again in a few mins. Maybe its a CDN propagation issue.
@dgwyer Looking forward to that new release.
@dgwyer thank you for commenting on the issue sir!
All – I just sent the parent company WPGO a message on their contact page at https://wpgoplugins.com/contact-us/ asking for a response. If we do not get any response soon we should pry consider this plugin as abandoned, and move forward with complete removal. If you are reading this it is highly advised to disable the plugin for security. If you can do without the plugin it advised to disable, and remove the plugin 100% until there is a fix/patch. I personally will be removing this plugin from all of my sites after 1 week of no response from the author.
Author – Can you please acknowledge this issue? Silence is never a good sign. Thanks