Security warning

  • danbpfr


    Hi BP people,

    I want to warn you against the wp-contacts-directories plugin. This plugin was recently updated and works with WP and WPMU/BP…. If you already use it, uninstall it.

    If you know what you are doing, take care with it, because this plugin contains many security holes (e.g. extract($_POST);…) and spy code on lines 556 to 562 which contains something like this:

    $res = file_get_contents("$n&h=$h&m=$e");

    In another if statement, line 577, we find:

    $output = file_get_contents("");

    This is illegal as far as I know…

    Anyway, this is a perfect example of what not to do in matters of security, PHP and open source coding.

    Of course i also post this on the WP forum.
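
An added example, not part of the original post or the plugin's code: a small Python check a site owner could run over a plugin's PHP files before installing, flagging the two patterns the post names, extract() on a request superglobal and file_get_contents() on a URL or interpolated string. The sample source, the host name and the rule names are constructed for illustration.

```python
import re

# Strings are matched so that "//" inside a URL is not mistaken for a comment.
TOKEN = re.compile(r'''
    "(?:\\.|[^"\\])*"      # double-quoted string (kept)
  | '(?:\\.|[^'\\])*'      # single-quoted string (kept)
  | /\*.*?\*/              # block comment (blanked)
  | (?://|\#)[^\n]*        # line comment (blanked)
''', re.S | re.X)

# Rule names are this example's own, not taken from any tool.
RULES = [
    # extract() on request data lets a client overwrite any local variable
    ("extract-superglobal",
     re.compile(r"\bextract\s*\(\s*\$_(?:POST|GET|REQUEST|COOKIE)\b")),
    # file_get_contents() on an http(s) URL or a string built from variables
    ("remote-fetch",
     re.compile(r'\bfile_get_contents\s*\(\s*(?:["\']https?://|"[^"]*\$\w)')),
]

def strip_comments(src):
    """Blank out PHP comments, keeping newlines so line numbers stay valid."""
    def repl(m):
        tok = m.group(0)
        return tok if tok[0] in "\"'" else re.sub(r"[^\n]", " ", tok)
    return TOKEN.sub(repl, src)

def scan(src):
    """Return sorted (line_number, rule_name) findings for one PHP source string."""
    clean = strip_comments(src)
    findings = []
    for name, pat in RULES:
        for m in pat.finditer(clean):
            findings.append((clean.count("\n", 0, m.start()) + 1, name))
    return sorted(findings)

# Constructed sample; collector.example is a placeholder host.
SAMPLE = '''<?php
// extract($_POST); in a comment must not be reported
extract($_POST);
$local = file_get_contents("templates/form.html");
if ($h) {
    $res = file_get_contents("$n&h=$h&m=$e");
}
/* file_get_contents("http://collector.example/") */
$out = file_get_contents('http://collector.example/ping');
'''

if __name__ == "__main__":
    for line, rule in scan(SAMPLE):
        print(f"line {line}: {rule}")
```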

  • Hmm, available for all in the main WP plugin repository. This is what’s not great about all and sundry banging out plugins without any apparent checks in place; most users haven’t a clue what they are installing really.

    Think it’s been mentioned in general before, but there really needs to be a sanctioned, vetted, approved plugin repository where at least users can be directed and assured of reasonable security; then it’s a case of install plugins from elsewhere and on your own head be it.



    I am very surprised at the lack of feedback from the community to this kind of warning! What a deafening silence…

    It’s an odd response… or lack of

    I’d kind of like to hear that a project that is getting as mature as WP (this isn’t really a BP issue after all) would be considering this aspect of plugin authoring and placing some form of control or seal of approval on certain plugins.



    Thanks for the warning!
