annoyingmouse
Forum Replies Created
-
Forum: Plugins
In reply to: [Social Media Widget] Anyone know why Social Media Widget was removed?Hi Brian,
I have a hard tibe believing what the current maintainer says. Several weeks ago, he was notified that something weird was going on in this thread: https://www.ads-software.com/support/topic/strange-url-in-social-widgetphp
Since then, he didn’t investigate? He didn’t clean up? The code just got replaced by code that was not that easy to spot.
Can’t you take ownership of the project again?
Forum: Plugins
In reply to: [Social Media Widget] Anyone know why Social Media Widget was removed?Changelog of version 4.0.1 mentions removal of potentially malicious code.
I don’t know why 4.0.1 is not visible through /extend/plugins but trough /support/plugin, it is:https://www.ads-software.com/support/plugin/social-media-widget
@esmi: Thanks, I will.
Shouldn’t there be a link “report security issue” to make it clear what to do when you find issues?Forum: Reviews
In reply to: [Adminer] Useful but extremely dangerousHi Frank,
Good that the plugin can also be used for non-WP. But the reason that this plugin is so much less secure than the vanilla, is that it reads the database connection information automatically.
So where a bad guy would have to guess the password as well when using adminer, the adminer-wordpress-plugin does not have this protection.
If the adminer-wp-plugin uses wordpress-specific convenience features to allow access to the database, I think it should also use wordpress-specific protection.