Hey @redima
We would gladly share any actual information on this, but the notice we got had a very long list of “issues” attached, starting with trademark things – they’ve asked us to remove Woo and Amazon/eBay logos from our banners – followed by a lot of best practice guidelines, most of which are not security-relevant in any way. They didn’t include any more information than that.
We were working on implementing the changes they requested, at least the part that could potentially be security-relevant, and have submitted an updated version of WP-Lister for eBay just now. We can only hope that they won’t take too long (up to 5 business days they say) for another review – and that the changes will satisfy them.
Some issues on their list were clearly false positives – and that list clearly came from an automated script, scanning the code for certain keywords and patterns. The last security audit on WP-Lister for eBay was a couple of years back, after which we consequently used nonces for every potentially dangerous user action, and prepared statements for every single database call – which should effectively prevent most attacks, including SQL injection, especially from not-logged-in attackers.
At this time this is all we know.
Kind regards,
John