WordPress.org

Make WordPress Core

Opened 11 days ago

Closed 11 days ago

#41845 closed defect (bug) (invalid)

Hijacked links on a wordpress.org plugin listing page

Reported by: inspiredmind Owned by:
Milestone: Priority: normal
Severity: normal Version:
Component: Plugins Keywords:
Focuses: Cc:

Description

I am not sure where to report this, as wordpress.org does not provide a way to flag or report plugins. But as this is potentially a bug or issue with the wordpress.org web site, I am posting it here. If there's a better place to post it, please move it there.

I was viewing the plugin page here: https://wordpress.org/support/plugin/woocommerce-currency-switcher/

Most of the outgoing links on this plugin description page appear to have either been hacked by a third party, or the plugin developer has intentionally set up the links to forward to a scam "become a millionaire" site.

If the prior is the case, then this is a serious issue. If the later is the case, then this plugin developer needs to cease using wordpress.org for posting links to this crap.

You can see my report to the plugin developer here: https://wordpress.org/support/topic/your-links-on-plugin-description-page-have-been-hijacked/#post-9483003

Change History (3)

#1 @inspiredmind
11 days ago

Here is another page with a ".com.com/" domain that goes to a spam site:
https://en-au.wordpress.org/plugins/myrealpage-idx-listings/

Links through to: https://aydacfu.xyz/?affiliate_id=12&origin=myrealpage.

I've done a search on Google.com for instances of ".com.com" on wordpress.org/plugins, and didn't turn up much else. So it would appear this issue may be unique to the developer of the woocommerce-currency-switcher plugin.

#2 @inspiredmind
11 days ago

  • Summary changed from Hijacked links on one or more wordpress.org plugin pages to Hijacked links on a wordpress.org plugin listing page

#3 @SergeyBiryukov
11 days ago

  • Milestone Awaiting Review deleted
  • Resolution set to invalid
  • Status changed from new to closed

Hi @inspiredmind, welcome to WordPress Trac!

This Trac is used for enhancements and bug reporting for the WordPress core software.

For plugin-related security issues, please contact the Plugin Review Team.

Note: See TracTickets for help on using tickets.