jwarcher

Is this problem fixed? I see version 2.0.3 has been released, but no mention of this bugfix in the notes. Also, the Description page says “Last Updated: 2012-3-26”.

Thanks for the clarification.

Meant to say I’m using version 2.0.2.

I have noticed that the broken theme issue gets reported only intermittently. Not sure what’s going on, but it can be reported or not, even when the website config. hasn’t changed at all.

Another thing that’s related to my suggestion…
Before a feedback is reviewed, when you click on it, there is a big blue “Reviewed” button. That works fine. But after you click that Reviewed button, an “OK” button appears, and clicking that doesn’t appear to do anything. Is there supposed to be a function that OK does? If not, I would suggest not having the OK button.

Great, looking forward to it.

No problem, keep up the good work.

Okay, I did!

??

Thanks, that looks like it fixed it!! I hadn’t been testing it because of this issue. I will report back if anything else comes up.

Thanks, karevn, the 1.0.3 fixed the problem I posted above.

Interesting, it worked for my site with 3.2.1, but broke with 3.3 and is still broken with 3.3.1.

Looks like this is no longer being maintained. I wonder if there is a substitute???

This is weird, never had this problem with a plugin before, even the previous versions of Usernoise. I checked and all groups have read and read/execute permission on that folder.

???

I got about six or seven in that time frame (early Sept 2011) and blocked these IP addresses with my .htaccess file. Haven’t had any since then.
222.186.24.99
216.55.185.45

Have you looked at your logs?

I use Register Plus Redux on a semi-private site. I’m not greatly concerned about this, but am wondering how the attack would take place. Not looking for the code (obviously), but how it happens to see if my site is vulnerable. Does the attacker have to be able to post or comment on my blog for the attack to work? It doesn’t sound like simply being able to register and then access protected pages on my site would make this a threat to me, but I want to be sure.

Thanks for any thoughts.

How did you come to the conclusion that there would be any connection between EXEC-PHP and this virus ??

Like I posted above, I rolled back my database using snapshots from PHPMyAdmin until I found the last good configuration and then compared to the one right after it. The only thing I could see that had changed was EXEC-PHP being added. I updated the database to the current day and disabled EXEC-PHP and the problem went away.

I don’t have McAfee on the computer I develop on, so the problem was there for a couple months without me noticing. When my boss logged in to the back end on her computer with McAfee, then I heard about the issue. I was pretty worried at first, but learned that the VBS\Psyme virus has been in the wild for several years, which made me think it unlikely that we were looking at a real, unpathched vulnerability.

WordPress should definitely pull the plug-in until it is updated or until McAfee stops misidentifying this “virus.”

I switched to the “PHP Execution” plugin and all is well.