Possible security issue? | ww.wp.xz.cn

Resolved cotuama
(@cotuama)

10 years, 7 months ago

Hi,

I received the message below from my hosting company in relation to a site I have (http://www.leevale.org) that is running Calendar 1.3.5. For now I have disabled the plugin to keep everyone happy. Not sure if this is a known issue, or if it really is a security problem in the plugin…

“Hello

We have noticed suspicious activity on your site, possibly related to the calendar plugin you’re using under WordPress.

We’re seeing constant MySQL slow queries for

select table_collation from information_schema.tables where table_name like ‘xx_calendar%’ and table_collation not like ‘utf8mb4%’

As a precaution, we’ve renamed your /web folder to temporarily take your site offline so you can investigate this issue

I would recommend using a different plugin that the one currently installed, as we’re seeing the same activity on a handful of other sites using the same plugin, and it appears to be code-related.

We’d appreciate it if you could take a look at this as soon as possible”

https://ww.wp.xz.cn/plugins/calendar/

Viewing 3 replies - 1 through 3 (of 3 total)

Plugin Author Kieran O’Shea
(@kieranoshea)

10 years, 7 months ago

I can see why they would be concerned by this, although it’s not in and of it’s self a security issue.

Removing this, or rather making it a one-time call, will be part of the next release.

Apologies for the inconvenience

Thread Starter cotuama
(@cotuama)

10 years, 7 months ago

Thanks!

Plugin Author Kieran O’Shea
(@kieranoshea)

10 years, 7 months ago

The new release is out, you should find this issue is fixed now

Viewing 3 replies - 1 through 3 (of 3 total)

The topic ‘Possible security issue?’ is closed to new replies.

3 replies
2 participants
Last reply from: Kieran O’Shea
Last activity: 10 years, 7 months ago
Status: resolved