#41414 closed defect (bug) (invalid)
Display Widgets Plugin Is A Trojan Horse
| Reported by: | calvin_ngan | Owned by: | |
|---|---|---|---|
| Milestone: | | Priority: | normal |
| Severity: | normal | Version: | |
| Component: | Widgets | Keywords: | |
| Focuses: | | Cc: | |
Description
This plugin
https://wordpress.org/plugins/display-widgets/
creates undetectable pages with spammy links.
I believe the code can be found in their geolocation.php
https://www.google.com/search?q=geckoandfly.com+payday&ie=utf-8&oe=utf-8&client=firefox-b
I've removed the secret page, but after going through my MySQL, I found a few codes that relate back to the said plugin. Things like 3371_last_checked_3771 and displaywidgets_ids, all created by the plugin and inserted in wp-options.
The article and pages cannot be searched via post/page; they can only be found in wp-options.
Ever since it was sold to the new owner, it comes with many funny codes.
Change History (3)
#1 (follow-up: ↓ 2), 7 years ago
- Milestone Awaiting Review deleted
- Resolution set to invalid
- Status changed from new to closed
- Version 4.8 deleted
#2 (in reply to: ↑ 1), 7 years ago
Replying to pento:
> Thank you for the report, @calvin_ngan!
> For future reference, it's best to contact the plugin team for plugin-related issues, at plugins@…. I've closed the plugin and contacted the team, for them to review it.

Hi, I understand, but I tried searching for a way to contact WordPress but failed to do so. Maybe it is a good idea to have a 'report' button on every plugin? The new guy behind Display Widget is up to now good.
#3, 7 years ago
Adding a direct link to report a plugin is on the todo list; it just hasn't been tackled yet. See #meta1598.
In the meantime, the Plugin Handbook has a page on reporting security issues with plugins.