Title: Plugin withdrawn from WordPress.org Last modified: January 24, 2020 --- # Plugin withdrawn from WordPress.org * Resolved [Manni02](https://wordpress.org/support/users/manni02/) * (@manni02) * [6 years, 4 months ago](https://wordpress.org/support/topic/plugin-withdrawn-from-wordpress-org/) * It looks like the plugin has been temporarily withdrawn from WordPress.org and isn’t available for download (I was alerted to this by Wordfence). * Please could you explain why? * Wordpress says it’s under review, but there is no further explanation. * Thanks Viewing 15 replies - 1 through 15 (of 25 total) 1 [2](https://wordpress.org/support/topic/plugin-withdrawn-from-wordpress-org/page/2/?output_format=md) [→](https://wordpress.org/support/topic/plugin-withdrawn-from-wordpress-org/page/2/?output_format=md) * [Michael](https://wordpress.org/support/users/blackvx/) * (@blackvx) * [6 years, 4 months ago](https://wordpress.org/support/topic/plugin-withdrawn-from-wordpress-org/#post-12363344) * I’m also interested to know what is going on with this. Thanks * [bluevelvetelvis](https://wordpress.org/support/users/bluevelvetelvis/) * (@bluevelvetelvis) * [6 years, 4 months ago](https://wordpress.org/support/topic/plugin-withdrawn-from-wordpress-org/#post-12363405) * Yes please. Would love an update. Thanks! * Plugin Author [Cristian Raiber](https://wordpress.org/support/users/cristianraiber-1/) * (@cristianraiber-1) * [6 years, 4 months ago](https://wordpress.org/support/topic/plugin-withdrawn-from-wordpress-org/#post-12363810) * Hey folks, * sorry for the late reply. We’ll be able to disclose more after we get the plugin unsuspended and an update released. * It’s nothing to worry about and the plugin isn’t going anywhere soon. We’re fully committed to maintaining it and releasing updates. * FWIW, this is concerning a security issue that could be potentially exploited under specific circumstances. We’re working on a patch and will submit it soon. It’s usual for WordPress.org to suspend plugins in case of security issues and then review them to minimize the possibility of the issue spreading. * FYI, this issue appears to have been in the plugin since it was launched. * Stay tuned for an update very soon 🙂 * All the best, Cristian. - This reply was modified 6 years, 4 months ago by [Cristian Raiber](https://wordpress.org/support/users/cristianraiber-1/). * [hugowachters](https://wordpress.org/support/users/hugowachters/) * (@hugowachters) * [6 years, 4 months ago](https://wordpress.org/support/topic/plugin-withdrawn-from-wordpress-org/#post-12363820) * thanks for the information. * Thread Starter [Manni02](https://wordpress.org/support/users/manni02/) * (@manni02) * [6 years, 4 months ago](https://wordpress.org/support/topic/plugin-withdrawn-from-wordpress-org/#post-12363842) * Great thanks for the update 🙂 * [bluevelvetelvis](https://wordpress.org/support/users/bluevelvetelvis/) * (@bluevelvetelvis) * [6 years, 4 months ago](https://wordpress.org/support/topic/plugin-withdrawn-from-wordpress-org/#post-12364580) * Thanks for keeping us in the loop! Love this plugin. * [supahduck](https://wordpress.org/support/users/supahduck/) * (@supahduck) * [6 years, 4 months ago](https://wordpress.org/support/topic/plugin-withdrawn-from-wordpress-org/#post-12364834) * Given that the suspension is in regards to a potential security issue, would you recommend disabling the plugin for now, until an update is released? * Just trying to minimize security exposure for my clients. * Thread Starter [Manni02](https://wordpress.org/support/users/manni02/) * (@manni02) * [6 years, 4 months ago](https://wordpress.org/support/topic/plugin-withdrawn-from-wordpress-org/#post-12365948) * I wouldn’t go as far as disabling the plugin as it might cause cosmetic issues where testimonials are displayed but I would prevent uploading user files if it’s something your clients allow in the plugin settings. That’s assuming they already have a firewall installed (Wordfence, Sucuri, etc). * [supahduck](https://wordpress.org/support/users/supahduck/) * (@supahduck) * [6 years, 4 months ago](https://wordpress.org/support/topic/plugin-withdrawn-from-wordpress-org/#post-12366657) * Already running Wordfence on all my client installations, and user uploads are not permitted (just using the plugin to publish testimonials submitted out-of- band, not allowing “public” uploads). * If the attack vector is purely through the upload functionality, then I’ll just make sure that it’s locked down, until we get more info/updates. * Thanks, Manni02! * Thread Starter [Manni02](https://wordpress.org/support/users/manni02/) * (@manni02) * [6 years, 4 months ago](https://wordpress.org/support/topic/plugin-withdrawn-from-wordpress-org/#post-12366721) * Just to clarify, I have no idea where the issue is in the plugin, it just looks to me that the public file upload feature is an obvious hole to plug until we find out, short of disabling the whole plug-in. * [supahduck](https://wordpress.org/support/users/supahduck/) * (@supahduck) * [6 years, 4 months ago](https://wordpress.org/support/topic/plugin-withdrawn-from-wordpress-org/#post-12366907) * I would agree, Manni02, in most of the recent vulnerabilities in other plugins, it’s usually insufficient user validation checks (the dreaded isadmin() mistake), which allows all sorts of damage via malicious uploads. * Glad to see that WP/Cristian/Machothemes are being proactive about this. 🙂 * Plugin Author [Cristian Raiber](https://wordpress.org/support/users/cristianraiber-1/) * (@cristianraiber-1) * [6 years, 4 months ago](https://wordpress.org/support/topic/plugin-withdrawn-from-wordpress-org/#post-12367847) * The issue is not related to uploads 🙂 It’s something completely different. * We’re waiting for the offical review of the plugin. Once that’s ready and approved, we’ll be able to make the actual bug public for everyone. * Thanks for being so patient with us! * /Cristian. * [davesyntax](https://wordpress.org/support/users/davesyntax/) * (@davesyntax) * [6 years, 4 months ago](https://wordpress.org/support/topic/plugin-withdrawn-from-wordpress-org/#post-12368316) * Looking forward to the update / more info. * [blmbmj](https://wordpress.org/support/users/blmbmj/) * (@blmbmj) * [6 years, 4 months ago](https://wordpress.org/support/topic/plugin-withdrawn-from-wordpress-org/#post-12370829) * Are there any updates? Do you know how much longer, I am beginning to become a little worried. * Thanks. * [singingcyclist](https://wordpress.org/support/users/singingcyclist/) * (@singingcyclist) * [6 years, 4 months ago](https://wordpress.org/support/topic/plugin-withdrawn-from-wordpress-org/#post-12371633) * If its not to do with the uploads, should we all be worried – I have quite a few sites using this plugin. Please can you let us know how long it will be until an update? Viewing 15 replies - 1 through 15 (of 25 total) 1 [2](https://wordpress.org/support/topic/plugin-withdrawn-from-wordpress-org/page/2/?output_format=md) [→](https://wordpress.org/support/topic/plugin-withdrawn-from-wordpress-org/page/2/?output_format=md) The topic ‘Plugin withdrawn from WordPress.org’ is closed to new replies. * ![](https://ps.w.org/strong-testimonials/assets/icon-256x256.png?rev=3134855) * [Strong Testimonials](https://wordpress.org/plugins/strong-testimonials/) * [Frequently Asked Questions](https://wordpress.org/plugins/strong-testimonials/#faq) * [Support Threads](https://wordpress.org/support/plugin/strong-testimonials/) * [Active Topics](https://wordpress.org/support/plugin/strong-testimonials/active/) * [Unresolved Topics](https://wordpress.org/support/plugin/strong-testimonials/unresolved/) * [Reviews](https://wordpress.org/support/plugin/strong-testimonials/reviews/) * 25 replies * 11 participants * Last reply from: [Cristian Raiber](https://wordpress.org/support/users/cristianraiber-1/) * Last activity: [6 years, 3 months ago](https://wordpress.org/support/topic/plugin-withdrawn-from-wordpress-org/page/2/#post-12444121) * Status: resolved