tvideveloper
Forum Replies Created
-
Forum: Plugins
In reply to: [SparkPost] Who maintains the Sparkpost plugin? Is it abandoned?As a paying SparkPost customer, I opened a support ticket to ask them when they will provide an update for the plugin and their response was:
“We have looked into this with our Product and Engineering teams, and have confirmed that we are no longer maintaining this plugin. It was made to be open-source a few years ago to re-focus development efforts on other projects.”
Which is very disappointing considering a Cross-Site Scripting (XSS) vulnerability was reported on May 15, 2023 for this last version 3.2.5 – https://www.cve.org/CVERecord?id=CVE-2023-23654
Guess it’s time to move to MailGun, which has a fully supported WordPress plugin – https://wordpress.org/plugins/mailgun/
Forum: Plugins
In reply to: [Age Gate] Age Gate hacked on multiple sites, multiple serversThank you @philsbury for your diligence in resolving this matter. Appreciate the plugin and the work you do.
Forum: Plugins
In reply to: [Age Gate] Age Gate hacked on multiple sites, multiple serversI’m on Version 2.18.1 and it appears that the malicious script was added to the Yes / No buttons on the previously insecure version.
Maybe your update has closed the door on future hacks, but it is obviously not retroactively fixing the issue for those that have already been hacked. I’d suggest you release a version that simply overwrites whatever is in the Yes / No buttons to force the malicious script to be removed.
I just happened to visit my client’s site for another reason and discovered the issue. Leaving this as-is without addressing the underlying malicious script is not good for anyone.