Allows an attack?

  • I installed this plugin on 3 of 15 sites (no other site changes) and very shortly afterwards those sites experienced a new signup from a .ru email address (despite new user reg explicitly being disabled). I only know this because wordfence notified me of the registration. When I checked it out, all the headers were being redirected to getmyfreetraffic.com as well as submission for the login form…

    Looking through my notes, the same thing happened on a different site about 6 months ago when I installed this plugin (among other things then).

    Restoring the DB to it’s state from before the sign up and removing the account fixed the hack.

    I’m 99% sure this plugin was the vector in both cases… Given it’s install based, I’m surprised…. Is this intentional or an accidental issue?

Viewing 1 replies (of 1 total)
  • Plugin Contributor Samir Shah

    (@solarissmoke)

    I’m not really sure how to respond to this – other than to say that the plugin is definitely not “intentionally” insecure, and that it has been audited by at least two independent entities who haven’t found any issues with it. The source code is public and if there were any malicious code in it, I’m reasonably sure someone would have pointed that out by now given how many people use the plugin.

    On that basis I don’t have any reason to believe that the issues you report are caused by this plugin. If you can provide concrete evidence to the contrary then I’ll look into it – but anecdotes saying that a site was compromised some time after installing this plugin are not sufficient.

    The specific redirect you refer to is associated with known vulnerabilities in other plugins: https://stackoverflow.com/questions/55250170/getmyfreetraffic-redirect-has-taken-over-my-website

Viewing 1 replies (of 1 total)
  • The topic ‘Allows an attack?’ is closed to new replies.

Tags