• This plugin adds “Clean and Simple WordPress Contact Form by Meg Nicholas – WordPress Developer” and its version number to your source code that will be stored into Google as your website description.

    <div class="cscfVersion" style="display:none;"> Clean and Simple WordPress Contact Form by Meg Nicholas – WordPress Developer. Version 4.3.4 </div>

    Notice the display:none; which is not visible to you and other people but still visible to search engines.

    Kinda search engine spamming and also makes it vulnerable for any WordPress site that has this installed by showing the actual version number. If there are any known exploits the only thing hackers would have to do is look for sites with that plugin installed with the particular version number.

    AVOID THIS PLUGIN!!!!!!!!!!!!!!!!

    Shady search engines spamming and security risk!!!!

Viewing 3 replies - 1 through 3 (of 3 total)
  • This plugin has been passed by WordPress. I add the version number to the HTML so that I know which version users are running when they come to me for support.
    If you think this plugin has security risks I will happily forward to WordPress so that they can check for issues.

    Thread Starter wordpresses

    (@wordpresses)

    It’s shady practices to kinda spam search engines via website’s description.

    I would call it blackhat.

    And yes including version numbers is a big no-no.
    Making it a piece of cake for hackers to find domains using your plugin with particular version to exploit.

    Please note that the offending HTML has been removed. You can download the updated version now.

    I would be grateful if you would reconsider your review. I am sure you appreciate that a lot of work has gone into producing and supporting this free plugin.

  • The topic ‘Shady HIJACKING WordPress Plugin’ is closed to new replies.
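
Added example, not part of the thread and not the plugin's code: a site owner can audit their own rendered pages for the pattern discussed above, an element hidden with inline CSS whose text discloses a version string. The names `HiddenVersionAudit`, `audit`, the regexes and the sample HTML are assumptions constructed for illustration; only inline `style` and the `hidden` attribute are checked, not rules in external stylesheets.

```python
import re
from html.parser import HTMLParser

# Inline styles that hide an element from visitors but not from crawlers.
HIDDEN = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)
# Text that looks like a disclosed version, e.g. "Version 4.3.4" or "v1.2".
VERSION = re.compile(r"\b(?:version|ver\.?|v)\s*\d+(?:\.\d+)+", re.I)
VOID = {"area", "base", "br", "col", "embed", "hr", "img", "input",
        "link", "meta", "source", "track", "wbr"}

class HiddenVersionAudit(HTMLParser):
    """Collect version strings found inside inline-hidden elements."""
    def __init__(self):
        super().__init__()
        self.depth, self.label = 0, ""   # depth: open tags in hidden subtree
        self.text, self.findings = [], []

    def handle_starttag(self, tag, attrs):
        if tag in VOID:                  # void tags never get a closing tag
            return
        a = dict(attrs)
        if self.depth:                   # already inside a hidden subtree
            self.depth += 1
        elif "hidden" in a or HIDDEN.search(a.get("style") or ""):
            self.depth, self.text = 1, []
            self.label = f"<{tag} class={a.get('class')!r}>"

    def handle_data(self, data):
        if self.depth:
            self.text.append(data)

    def handle_endtag(self, tag):
        if tag in VOID or not self.depth:
            return
        self.depth -= 1
        if self.depth == 0:              # hidden subtree closed: inspect text
            text = " ".join("".join(self.text).split())
            match = VERSION.search(text)
            if match:
                self.findings.append((self.label, match.group(0), text))

def audit(html):
    parser = HiddenVersionAudit()
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed sample page: visible text, a harmless hidden div, and the hidden version div.
SAMPLE = ('<p>Docs cover version 2.0 of the service.</p>'
          '<div style="display:none;">Loading<br>spinner</div>'
          '<div class="cscfVersion" style="display:none;"> Clean and Simple '
          'WordPress Contact Form. Version 4.3.4 </div>')
```

Calling `audit(SAMPLE)` reports only the hidden `cscfVersion` element; the visible paragraph and the hidden spinner are ignored.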