buzwiz123

Oh – I am sorry I misunderstood. I just want to make sure that people who are looking at downloading the plugin are aware of possible exploit. On a separate note… Does wordpress ban any plugins with malware until they are fixed? It is really a big issue… Until this accident I was under impression that wordpress investigates and removes the problematic plugins until the found issues are resolved. Otherwise it is really unfair to all users out there who have no idea that there are issues…

It appears that people did complain about exploits in the plugin a week ago with a new version! Is anything being done to address it?

At this point you put my account on monitor, while suggesting that I put some spammy reviews? Are you seriously doubting what I am saying?

The way to fix it at this point is to completely remove UM plugin. Luckily for us, we did not use it extensively, and it was relatively easy to get rid off. However, for other sites where it is more integrated, it might be a larger issue…

I think the developers of UM need to address it asap and clearly state that the issue was fixed!

It is a serious allegation! And I would never mention it unless it was very, very serious. I do not believe it is a user data related, simply because when we did investigation, we’ve noticed that plugin downloaded some temp data (php script) into wp uploads area. Then it added malicious jquery.js link to every header.php file we had on a system.

The link was pointing to cdn.eeduelements.com/…/jquery.js. I do not know whether it was a hack on the plugin side, but we experienced it, and faced serious issues with google.