WordPress.org

Plugin Reviews

Custom Content Type Manager

Version: 0.9.8.9 Break out of your blog! Create custom fields for dropdowns, images, and more! This plugin gives WordPress true CMS functionality.

50 reviews
Average Rating
3.9 out of 5 stars
They are correct...Don't get it, or anything by this author
By , for WP 4.4.2

And even if it gets fixed, I recommend staying away from anything this author writes in the way of code...malicious once, malicious definitely will be again...no doubt. You can't change a person's character or integrity...it requires people to stand for something even when it's again self best-interest...and if someone does something like this once, more than the incident itself, it is a revelation of that person's character, so the chances are that very great that they will do it again, maybe not today, this week, or even this year...but they will. It's what they value in the world...taking advantage of people. Proving they are smarter...vanity, greed, power; ...or whatever the reason they have corrupt values, that's in fact what they have. And if he comes up with an excuse, ...you don't write malicious code and get it accepted by WordPress on 'accident' .

The article: [ link redacted, please do not post links in reviews ]

(if the link doesn't get removed)

Malicious Plugin
By , for WP 4.4.2

The fine people at Wordfence have warned that a backdoor was added to the Custom Content Type Manager plugin by a malicious coder who gained access to the plugin code in the official WordPress plugin repository.

According to Wordfence, It’s unclear whether the plugin author’s credentials were stolen or whether the malicious actor was granted access.

The WordPress security team removed the malicious user account that added the backdoor to the plugin. They have also removed all malicious code that was added to the plugin and updated the version number so that users running this plugin will be prompted to upgrade.

WARNING Do not use this plugin!
By , for WP 4.4.2

It comes with a Backdoor through which can log and steals site admin credentials. It should be removed from the official WordPress Plugin Directory. Read here Sucuri's investigation report.

Lost confidence of author/plugin
By , for WP 4.4.2

First I read about a backdoor in the plugin.
https://blog.sucuri.net/2016/03/when-wordpress-plugin-goes-bad.html

Then I read the authors profile:
Samuel Wood (Otto)
Interests: WordPress, Beer, Hacking, Homebrewing

You like homebrewed beer and hacking? A dangerous combo :)

Security Risk
By ,
SECURITY THREAT
By , for WP 4.4.2

AVOID AT ALL COSTS

http://news.softpedia.com/news/popular-wordpress-plugin-comes-with-a-backdoor-steals-site-admin-credentials-501383.shtml

"Custom Content Type Manager version 0.9.8.8 contains malicious code
As Sucuri's investigation revealed, in the past two weeks, the plugin that looked like an abandoned project for the last 10 months, mysteriously changed owner, and immediately after, the new developer, named wooranker, updated the plugin and pushed out a new version.

All the changes he made to the plugin were of a nefarious nature. First, there was the addition of the auto-update.php file, which included the ability to download files from a remote server on the infected website.

Additionally, wooranker also added the CCTM_Communicator.php file, which worked together with another, older, legitimate plugin file. The purpose of these two files was to ping wooranker's server about the presence of a newly infected site.

Besides gathering info on the victim's site, this plugin also tapped into the WordPress login process and recorded usernames and the password, albeit in encrypted format, sending the data to the wordpresscore.com server."

It turned bad
By , for WP 4.4.2
Steals login credentials!
By , for WP 4.4.2

http://news.softpedia.com/news/popular-wordpress-plugin-comes-with-a-backdoor-steals-site-admin-credentials-501383.shtml

You should uninstall this immediately and change your user credentials.
They have purposely placed a backdoor in and edited core files to log your user data.

You must log in to submit a review. You can also log in or register using the form near the top of this page.