HACKER ENTRACE

@stheoret : I think your definition of a hacked is a bit broad. How exactly was your site hacked?

I’ve reviewed the plugin and don’t see how it can be exploited to hack a site. Could you have just meant that the plugin caused an issue with your site? What version of the plugin were you using? v2.4 caused an issue for many people (such as menus getting deleted). v2.5 was released 3 days ago which should fix that problem.

I can sympathize with the plugin causing issues with a site, but saying you got hacked is rather extreme. Simply removing the plugin would not cause a hack to go away (a bug/problem would go away, though).

If you indeed mean that the plugin caused issues for you, consider trying the latest release to see if it behaves better. Please do report back either way! Cheers!

Well… For sure, to resolve the problem i didn’t had just to remove the plugin!… i had to clean up some files that were hacked/replaced by the exploit.

I understand that it is not something fun to deal with. I am sure you do not have bad intentions …. Maybe a crossing line in the WordPress core development and the development of the plugin opened for a while ( or might be still opened ) a window large enough to hack a wordpress installation…

On my server i have more than 15 websites. All of them had the same WordPress versions, All running on the same Apache, Php.ini files and configs…

The only 3 websites that were hacked had your plugin installed. So it took me a while to point out the problem.

Anyway… I had to comment this… this was too unusual to keep silence.

Hope the code is now fully protected for your actual users…

I have nothing against you and/or your plugin. I described a situation that happened to me.

See ya.