Viewing 15 replies - 1 through 15 (of 22 total)
  • Plugin Author slickremix

    (@slickremix)

    Very sorry for the inconvenience here. The plugin should be available in the repo again very soon. In short the plugin was pulled because a few variables in the admin were not being sanitized properly and the .org mods felt the need to remove it while we repair it. Keep you posted.

    Spencer

    Can you elaborate as to what “a few variables in the admin were not being sanitized properly” means?

    We are using this plugin on a few sites and it is not clear if there is a security vulnerability or not. If necessary we will be replacing the plugin immediately but I would like more information before moving forward.

    Thanks so much!

    Also it appears as if version 2.5.2.1 was released to fix the “php sanitation” issue but I cannot find anywhere to download that version. The Feed Them Social website simply points to the WordPress plugin repository page where it is not available to download.

    Does version 2.5.2.1 fix the glitch that caused WordPress to remove it?

    Thanks again!

    • This reply was modified 7 years, 8 months ago by Tim Derouin. Reason: checked notify me of follow-up via email
    Plugin Author slickremix

    (@slickremix)

    Hey Tim (and others reading this),

    Sorry for the delayed response. Basically, we weren’t escaping/sanitizing some attributes and a random security audit person trying to promote their blog and plugin decided to submit a report as they should. This led to the WordPress admins immediately taking the plugin down temporarily in case it was being exploited. They then notified us of this happening. This has made us thoroughly audit EVERY line of code in our plugin. We basically haven’t slept for the last week including through the weekend ensuring the audit is complete. The good news from all of this though is we are hopefully going to have it back live very soon (in the next day or so hopefully). In this process we also found better programs to help ensure we are following every WordPress and PHP code standard.

    The other good thing is that the potential security exploit was protected by having to log in to the site as an admin role, making the chances of it being exploited much less likely. Any chance of a security exploit though is too big of a chance as we want our users to be as protected as possible.

    Lastly, we are working closely with a WordPress team member to ensure everything is good to go when the plugin is put back onto the repository.

    We also have plans to share this with other plugin and theme developers by making a blog post about our experience, the preventive measures and solutions.

    We will keep you posted when the plugin is back live.

    Thanks for your patience,
    The SlickRemix Team

    Thread Starter Sanapaino

    (@sanapaino)

    Good answer, thanks.

    Thanks @slickremix for such a thorough reply!

    Any update on when the plugin is expected to go live again? Would very much like to use your excellent product!

    Plugin Author slickremix

    (@slickremix)

    Hey @antonyl and others,
    Thanks for your patience! We are getting ready to send the WordPress team the update and hopefully will be back up as soon as they review. We went through everything as absolutely thoroughly as possible. We could have just rushed out a patch but decided we needed to go beyond that; we wanted to ensure EVERYTHING was as secure as possible in the plugin, not just the issue that was found! We’ve basically had about 3 hrs of sleep a night for over the last week auditing every single line of code in the plugin. We also really cleaned up a lot of older code and made sure we were up to speed on all of the WordPress Standards! This is by far the biggest update we have made to Feed Them Social since launching it over 5 years ago (and that’s saying something as we’ve made some pretty large updates). We have also learned so much over the past week. We are going to work on making some blog posts and videos to help other WordPress developers get up to speed on things we were unaware of as we love being involved in the WordPress community.

    We’ll let everyone know here as soon as the plugin is back up!
    The SlickRemix Team

    🙌🏼

    Plugin Author slickremix

    (@slickremix)

    Hey Everyone!
    First, we are back, re-approved and live!! Please be sure to update to the newest version 2.5.3!

    Second, we are so thankful you all were patient with us as we went through this major security update! Security is even more a priority now than ever before and all of our future updates will be more thoroughly reviewed before being pushed!

    Thanks, have a great day!
    The SlickRemix Team

    Fantastic, thanks @slickremix!

    We have been using this plugin for a couple years.
    We are now upgraded to 2.5.6

    It no longer functions for Facebook. All that displays where FB should be embedded is “LIKE – You and 888 others like this.”

    In FB Settings our Access Token is there, but the Page ID field is empty.

    Please advise.

    Plugin Author slickremix

    (@slickremix)

    @jimgasperini Try clearing the cache from the Settings > Global Options page of our plugin. If that does not work please create a new support post and please include these 3 things.

    1. The shortcode you are trying to use.
    2. An example link to the problem in question.
    3. The report from the System Info page of our plugin. Click here if you are unsure how to do this. https://www.slickremix.com/docs/system-info-page/

    If anyone else still has troubles too, please create a new support post as we are going to close this one. Thanks for everyone’s patience while we worked through getting the plugin back up.

    Spencer

    I will admit that the sites I manage with FTS… the Facebook shortcode had to be output again from within the Settings area. The FB page ID and access token were still connected but the shortcode was different.

    After updating the shortcode all feeds were back up and running properly.

    I have also been running the plugin for quite some time so my shortcodes were probably no longer supported.

    • This reply was modified 7 years, 8 months ago by Tim Derouin.
    Plugin Author slickremix

    (@slickremix)

    Hey Tim,
    Sorry for any inconvenience that caused. Just to let you know, in the future we are planning on replacing the generator with FTS feed posts. This would allow you to create a post for each feed in the backend, which in turn would allow the shortcode to be saved dynamically. Saving the options under an FTS post would allow all of your shortcode options to be saved per feed! I don’t have a timeline of when this will be done but it is coming in the near future!

    Thanks,
    Justin


The topic ‘FTS removed from ww.wp.xz.cn’ is closed to new replies.