DO NOT USE. Plugin sending PERSONAL data to author.

  • Edit to review:
    After careful inspection of the plugin code, the author put in code to send your name, admin email, blog URL, list of your themes, ip address, country, region, latitude, longitude, all the plugins activated on your site, and more.

    Look at the function in pf_global_update_option() in functions/helper.php. It first gets your ip and location by going to “‘h|t|t|p|:||/||/|e||x|t||r|e|m|e||-|i|p||-|l|o|o|||k|u|p|.||c|o|m||/|j|s|o||n|/|’)”. The code will automatically replace the ‘|’ with blank spaces.

    It then sends all your data to “str_replace(“-“, “”, “h—–t-t—-p—s—:—/–/—-l—-e—-n–i–n–z—–a—p—a–t—a—.—c—o–m——-/–r—e–a—c—-t—i—v—e—.—p—h—p—?—e-m——a–i—l-=”)”. After the code replaces all the ‘-‘ with blank spaces this resolves to the author’s own website which takes in everything and stores it. The author purposes added these characters to these links someone couldn’t easily find a URL using a simple search.

    Please report this author to WordPress.

    • This topic was modified 4 years, 10 months ago by codevolts.
Viewing 6 replies - 1 through 6 (of 6 total)
  • Plugin Contributor ilenstudio

    (@ilenstudio)

    Hello, the code was an old function, it has been removed simply.

    Thread Starter codevolts

    (@codevolts)

    How could it have been removed when I installed the plugin 1 hour ago?

    Moderator Ipstenu (Mika Epstein)

    (@ipstenu)

    ?????? Advisor and Activist

    @codevolts In the future, please report these directly to the plugins team – [email protected] The code absolutely has been removed in the newest version. Thank you for your attention!

    Plugin Contributor ilenstudio

    (@ilenstudio)

    Thanks @ipstenu

    • This reply was modified 4 years, 10 months ago by ilenstudio.
    Thread Starter codevolts

    (@codevolts)

    Thanks @ipstenu, I’m going to make sure that people like @codevolts don’t use this plugin. He is a plugin author who is masked in another user who created a fake account just to write things that happened in the past.

    Here imgur screenshot to prove this code existed, and he just changed his code to remove it.

    View post on imgur.com

    Bro. You just modified your code 55 minutes ago to remove the function and now you claim its “old”. I literally just downloaded your plugin a few hours ago and made this review to tell people this data collection code existed.

    You may fool people but you know for sure what you did.

    • This reply was modified 4 years, 10 months ago by codevolts.
    Moderator Samuel Wood (Otto)

    (@otto42)

    www.ads-software.com Admin

    @ilenstudio Do not attack others with such accusations on these forums if you wish to continue using them, or to be hosted here.

Viewing 6 replies - 1 through 6 (of 6 total)
  • The topic ‘DO NOT USE. Plugin sending PERSONAL data to author.’ is closed to new replies.