Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Author Eli

    (@scheeeli)

    Thanks for bringing this code to my attention. I admit that this is my first time viewing this code but from what I can tell it appears to be just as insecure as my plugin suggests. From looking at the code I can see that it is designed to automatically install other “plugins” from external sources that have not been verified by WordPress. It also appears to accept the $_REQUEST variable as active parameters for taking these actions and it even creates its own WP Nonce Token which could essentially circumvent the security feature built into WordPress. If this is meant to be a legitimate plugin then you have to wonder why it is not available on the WordPress Plugin Repository; I personally doubt that the Plugin Moderators would allow such code on their Repository as it seems to violate several plugin guidelines.

    I have not had the time to make a thorough case study or generate a proper outline of how this code can be exploited, and I don’t see myself doing this any time soon either. This code is suspicious enough for me to keep it designated as a known threat unless I see evidence to the contrary. If the developers want to assert that their code is safe and complies with the WordPress Plugin Guidelines then they should simply submit it to the WordPress Plugin Moderators for a proper review.

    Please let me know if you have any further questions or concerns.
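The pattern the reply above describes (an action taken from $_REQUEST, a nonce the handler mints for itself, and no capability gate) is illustrated here with a generic, added example. This is not Git Updater’s code and makes no claim about what that plugin actually does; every function name prefixed `hypothetical_` and the host allowlist are assumptions made for the illustration. The weak handler shows why a self-generated nonce proves nothing; the hardened handler beside it uses the WordPress admin-post flow, `current_user_can( 'install_plugins' )` and `check_admin_referer()` so the token must have been issued to the user who submitted the form.

```php
<?php
// Added illustration of the pattern discussed in the thread; not code from any
// real plugin. All hypothetical_* names are invented for this example.

// --- Weak pattern (hypothetical) -------------------------------------------
// Runs on every request, takes its action and package URL from $_REQUEST, and
// creates the nonce in the same request that verifies it.
add_action( 'init', 'hypothetical_weak_installer' );
function hypothetical_weak_installer() {
    if ( empty( $_REQUEST['installer_action'] ) || 'install' !== $_REQUEST['installer_action'] ) {
        return;
    }
    // A nonce minted here always verifies: it was never issued to the user who
    // submitted the request, so it gives no CSRF protection and a forged
    // cross-site request from a logged-in admin's browser passes the check.
    $nonce = wp_create_nonce( 'hypothetical_install' );
    if ( ! wp_verify_nonce( $nonce, 'hypothetical_install' ) ) {
        wp_die( 'Bad nonce' );
    }
    // No current_user_can() check and no source validation: whatever URL the
    // request supplies reaches the install path.
    hypothetical_install_from_url( $_REQUEST['zip_url'] );
}

// --- Hardened pattern ------------------------------------------------------
// Reached only through wp-admin/admin-post.php by a logged-in user, gated on
// the capability WordPress itself uses for plugin installation, and the nonce
// is the one issued by the form below (tied to the user and session).
add_action( 'admin_post_hypothetical_install', 'hypothetical_hardened_installer' );
function hypothetical_hardened_installer() {
    if ( ! current_user_can( 'install_plugins' ) ) {
        wp_die( 'Insufficient permissions', '', array( 'response' => 403 ) );
    }
    // Dies unless the _wpnonce field was generated by wp_nonce_field() for
    // this action and this user; it cannot be satisfied by a nonce made here.
    check_admin_referer( 'hypothetical_install_plugin' );

    // Read only from $_POST, unslash, sanitize as a URL, then allowlist.
    $zip_url = isset( $_POST['zip_url'] ) ? esc_url_raw( wp_unslash( $_POST['zip_url'] ) ) : '';
    if ( ! hypothetical_source_allowed( $zip_url ) ) {
        wp_die( 'Package source not allowed', '', array( 'response' => 400 ) );
    }

    $result = hypothetical_install_from_url( $zip_url );
    if ( is_wp_error( $result ) ) {
        wp_die( esc_html( $result->get_error_message() ), '', array( 'response' => 500 ) );
    }
    wp_safe_redirect( admin_url( 'plugins.php?hypothetical_installed=1' ) );
    exit;
}

// Assumed allowlist: https only, and only hosts the site owner has approved.
function hypothetical_source_allowed( $url ) {
    $allowed_hosts = array( 'github.com', 'api.github.com' ); // assumption for the example
    $parts = wp_parse_url( $url );
    if ( empty( $parts['scheme'] ) || 'https' !== strtolower( $parts['scheme'] ) ) {
        return false;
    }
    return ! empty( $parts['host'] ) && in_array( strtolower( $parts['host'] ), $allowed_hosts, true );
}

// Admin-page form that issues the nonce the hardened handler later checks.
function hypothetical_install_form() {
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <input type="hidden" name="action" value="hypothetical_install">
        <?php wp_nonce_field( 'hypothetical_install_plugin' ); ?>
        <input type="url" name="zip_url" placeholder="https://github.com/owner/repo/archive/main.zip">
        <button type="submit">Install</button>
    </form>
    <?php
}

// Shared download-and-unpack step using core's upgrader; returns true, false,
// null or WP_Error exactly as Plugin_Upgrader::install() does.
function hypothetical_install_from_url( $url ) {
    require_once ABSPATH . 'wp-admin/includes/file.php';
    require_once ABSPATH . 'wp-admin/includes/class-wp-upgrader.php';
    $upgrader = new Plugin_Upgrader( new Automatic_Upgrader_Skin() );
    return $upgrader->install( $url );
}
```

The point of the contrast is the order of checks, not the install step: capability first, then a nonce that was issued earlier to the same user, then strict validation of the only input the handler accepts. A scanner seeing a handler that reads its action from $_REQUEST and calls wp_create_nonce() immediately before wp_verify_nonce() has reason to flag it, because that sequence can never fail.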

    Thread Starter wpcheetah

    (@wpcheetah)

    Okay, I see. So rather than being a “known threat” it is more of a potential vulnerability. I thought maybe there was some evidence of malicious intent.

    Thanks for reviewing this.

    Plugin Author Eli

    (@scheeeli)

    I guess you could say that. The fact is that the code in that file does actually match the pattern of the known threat that has been used to infect other sites. It is essentially a back-door, not unlike any other back-door that a hacker might use to exploit a website. The only difference here is that this back-door is designed to be used for a specific purpose by users like you to easily install other new plugin code from third-party sources like GitHub.

    I would be very curious to know more about how you personally use this plugin and what other plugins and add-ons you have used it to install. Could you give me some details about how and why you use this plugin?

    Also, what prompted you to find and install this plugin in the first place?

    • This reply was modified 1 year, 7 months ago by Eli.
  • The topic ‘Why is Git Updater flagged as a threat?’ is closed to new replies.