[Plugin: Social Sharing Toolkit] Malware – Social Sharing toolkit

What version scanned as malware for you? I’m still using 2.0.4 on a couple of sites, and was just about to download this update when I saw your message. Those sites still using 2.0.4 scanned clean for me just now.

The most recent I believe (removed it instantly so can’t check). Still left my blog as an ‘internal error’ after messing up the W8 cache plugin. https://inkbotdesign.com/blog/

It looks like he just released version 2.0.7 sometime within the past few hours… I’ll check to see if that one is clean.

I upgraded one of my sites to version 2.0.7, then scanned it, and Sucuri verified it as clean. I only have Facebook Share, Google+ and StumbleUpon activated on that particular site, if that helps.

Thank you. Really don’t know what happened because installing the plugin was the only change in the last 48 hours, so I’m pretty sure it came from it. Just hope others don’t get the same problem – I’ve only really managed to fix it now (after around 2 hours of fiddling).

There was a note in the forums saying that there was phishing attack aimed at plugin developers, trying to gain access to their repositories, but they said they’d removed any affected plugins for the time being… and this one never seemed to be pulled offline.

Just to be sure, you should also check with your webhost and make sure there wasn’t some cross-scripting attack on their servers that might have hit your site.

Also give your database a cursory once-over. There was a cross-scripting attack a few years ago that I thought I’d cleaned up, but they’d managed to insert hidden WP user accounts in a couple of my sites that I didn’t find until a couple weeks after the first cleaning.

wow didn’t think that of that! I’ve mentioned it to the ISP already – waiting on a response ??

Thanks again for your help

Hi there, sorry to jump on this thread but having installed a malware plugin (6scan) following some recent issues its flagging up a potential problem with the Social Sharing Toolkit plugin.

This is the fix its suggesting:

Go to your Social Sharing Toolkit directory
Backup the googleplus.js.php file
Open it for editing
Find the line that containts the next code: if (isset($_GET[‘lang’])) {
Add the next code lines after it:
$_GET[ ‘lang’ ] = htmlspecialchars( $_GET[ ‘lang’ ] , ENT_QUOTES );

Make sense to anyone!? ??

would be interested to hear from the developer on this…

As of version 3.0.8 of the plugin, googleplus.js.php doesn’t contain htmlspecialchars.

awesome, thx ??

But the plugin is only on version 2.1.1