WordPress.org

Make WordPress Core

Opened 3 months ago

Closed 3 months ago

#52289 closed defect (bug) (invalid)

WP ERP is a SPAM, product and data stealing plugin

Reported by: saltyruss
Owned by:
Milestone:
Priority: normal
Severity: normal
Version:
Component: General
Keywords:
Focuses:
Cc:

Description

WP ERP sent SPAM to 57,000 of my users with absolutely no notice, no confirmation, no indication that it would happen. I was testing it on 2 test 'users' and it accessed 57,000 of my users with no notice or confirmation - no indication of any kind that it would send an email to anyone - and sent them an email stating that their user email address has been changed. WP ERP provided absolutely no indication that this would happen. In fact, I was only testing their system on 2, two, test accounts. Their product wreaks havoc on an otherwise solid platform, which is WordPress. Is there no vetting process for plugins to be on your marketplace? No automated, even simplistic method to test if a plugin is abusing good WordPress resources?

The makers of WP ERP have not responded directly to my several attempts to contact them directly about this issue. They have only responded, very late I might add, to a forum entry, in which they made false claims. I have no confidence that they are not intent on extorting confidential contact information for nefarious or maybe even criminal purposes.

Russ Johnson
President, PCN, LLC.
russ@…

Change History (6)

#1 @fierevere
3 months ago

  • Resolution set to invalid
  • Status changed from new to closed

Core Trac is not the right place for such an accusation.

Please contact the plugin team with details using their email:

plugins@wordpress.org

Closing this ticket.

Last edited 3 months ago by fierevere

#2 @saltyruss
3 months ago

  • Resolution invalid deleted
  • Status changed from closed to reopened

How can you possibly know the results in less than 2 min.?
Simply deplorable.

You did not even contact me or look at a single log.

I guess it's all about promoting ShovelWare... Just keep it going...

Best,
Russ

#3 @saltyruss
3 months ago

How can you possibly know the results in less than 2 min.?
Simply deplorable.

You did not even contact me or look at a single log.

I guess it's all about promoting ShovelWare... Just keep it going...

Best,
Russ

#4 @fierevere
3 months ago

  • Resolution set to invalid
  • Status changed from reopened to closed

You have reported this in the wrong place.
Don't reopen.

#5 @saltyruss
3 months ago

  • Resolution invalid deleted
  • Status changed from closed to reopened

I reported in the place that your reporting construct said was correct. Either the plugin screwed up, or, and I mean a big OR, it performed correctly and the WordPress core code screwed up. The result is that over 57,000 email addresses were compromised. 57,000.

So, if your objective is to simply clear items and meet your quota then you live with that. I, however, want to know the truth about what happened so I can report it to the MLS, the US National Association of Realtors, and each of the 57,000 people affected. I know it means nothing to you in terms of simply processing a ticket, but it means a lot to each of them.

Do not simply close this ticket. Something is wrong. You need to escalate or redirect it as appropriate. Don't sweep it under the rug in the name of 'user can figure out our internal system and try to route it accordingly'.

#6 @swissspidy
3 months ago

  • Milestone Awaiting Review deleted
  • Resolution set to invalid
  • Severity changed from critical to normal
  • Status changed from reopened to closed

Sorry to hear you had a negative experience with a third-party plugin. Since this plugin has no affiliation with the WordPress open source project itself (other than being a plugin for WordPress), there's nothing we can do on this Trac site here. Simply put: we have no affiliation with WP ERP.

This site is for reporting bugs in WordPress itself, not for reporting negative experiences with third-party plugins.

If you downloaded the plugin in question from the WordPress.org plugin directory, email plugins [at] wordpress.org instead. They would be able to help you sort things out with the vendor.

If you downloaded the plugin from the vendor directly, this is an issue between you and the vendor, not the WordPress open source project.

So, email plugins [at] wordpress.org and reach out to the vendor directly to get to the bottom of this.

But this is not the right place for this.
