[Plugin: Web Ninja Google Analytics] WARNING! – DO NOT INSTALL – SECURITY ISSUE

i wonder if someone from www.remarpro.com could investigate this further
and if true, please REMOVE this plugin from the repository.

update: i’ve just opened up the source code & taken a scan over it: nothing suspicious that i can see – no ‘base64’ stuff, no suspicious ‘http”s, no visible trojans or exploits. also, authors details are provided if you want to contact him directly.

i haven’t scanned the images, etc. someone probably should, (i’m hoping www.remarpro.com have their own inline-upload anti-viral scanners in place on the these plugin repositories – but that is just a hope and would be nice to have confirmed somehow.)

@socialgrower: could it be that your security warning msg from GA was just coincidence, or perhaps related to some other activity happening at that time?

interested to know.

My Security Evaluation

I have scanned the images with a number of programs and have found no threats. Here are the links to the results of my scans.

Scan 1

Scan 2

I have also perused the code and see no security threats. There is no use of base64, all http connections are appropriate and all https connections are made directly to Google.

If you’re not comfortable entering your GA login creds – you don’t have to. The plugin will still work without that information. However, if you want to use the GA dashboard widget that displays GA stats in your WordPress admin, then you WILL need to enter you GA creds.

I have used this plugin for over a year (with the dashboard widget enabled) and I have had no issues. The problem that socialgrower had was very likely a coincidence.