Title: Recent attack on website using cff-scripts.js
Last modified: August 29, 2022

---

# Recent attack on website using cff-scripts.js

 *  Resolved [dipaksaraf](https://wordpress.org/support/users/dipaksaraf/)
 * (@dipaksaraf)
 * [3 years, 9 months ago](https://wordpress.org/support/topic/recent-attack-on-website-using-cff-scripts-js/)
 * Hello,
 * We have been using your plugin on our website and we have found that the day before
   yesterday there was a huge attack on our website with the use of your plugin.
 * Though we had security in place and it was blocked, we are not sure if there is
   any known vulnerability in your plugin which might be causing this huge surge
   in attacks (SQL injection) on our website.
 * `by firewall for SQL Injection in POST body: ver=%20UNION%20ALL%20SELECT%20NULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%23 at /wp-content/plugins/custom-facebook-feed/js/cff-scripts.js`
 * Would love your view and inputs on this issue.


 *  Plugin Contributor [Craig at Smash Balloon](https://wordpress.org/support/users/craig-at-smash-balloon/)
 * (@craig-at-smash-balloon)
 * [3 years, 9 months ago](https://wordpress.org/support/topic/recent-attack-on-website-using-cff-scripts-js/#post-15964818)
 * Hey Dan,
 * Sorry to hear that you had an attack! Were there any other details about what
   the attacker was trying to do? This alone doesn’t give any hints.
 * There aren’t any known vulnerabilities in the plugin. We would definitely like
   to look into it if you have any more information though. Here is a link to our
   support form on our website if you can provide anything further:
 * [https://smashballoon.com/support/](https://smashballoon.com/support/)
 * Thanks,
 * Craig
 *  Thread Starter [dipaksaraf](https://wordpress.org/support/users/dipaksaraf/)
 * (@dipaksaraf)
 * [3 years, 9 months ago](https://wordpress.org/support/topic/recent-attack-on-website-using-cff-scripts-js/#post-15971653)
 * Hey Craig,
 * I have raised a support ticket with your website. Can you have a look at it and
   share some insight into the issue?
 * Thanks
    Dipak
 *  Plugin Contributor [Craig at Smash Balloon](https://wordpress.org/support/users/craig-at-smash-balloon/)
 * (@craig-at-smash-balloon)
 * [3 years, 9 months ago](https://wordpress.org/support/topic/recent-attack-on-website-using-cff-scripts-js/#post-15988704)
 * Hey Dipak,
 * Thanks for sending the log!
 * We discussed this issue as a team and determined that this was likely a random
   attack and was not trying to exploit anything specific in our plugin. From what
   we can tell from your report, there was data sent using a POST request to a JavaScript
   file. Our JavaScript file does not process POST data. The specific piece of data
   is also not using a key that is processed anywhere in our plugin.
 * We are reviewing our plugins for SQL injection vulnerabilities to be safe but
   don’t think this attack would have any possibility of success.
 * Let me know if you have more questions.
 * – Craig
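
The triage reasoning in the reply above (a POST body sent to a static JavaScript file, under a key nothing reads) can be applied to blocked-request messages like the one quoted in this thread. The following is an added example, not code from the plugin or from either poster; the message shape, the static-extension list and the second sample line are assumptions made for illustration.

```python
import re
from pathlib import PurePosixPath
from urllib.parse import parse_qsl

# The firewall message quoted in the thread, joined onto one line.
SAMPLE = (
    "by firewall for SQL Injection in POST body: "
    "ver=%20UNION%20ALL%20SELECT%20NULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%23 "
    "at /wp-content/plugins/custom-facebook-feed/js/cff-scripts.js"
)
# Constructed for contrast: same body, aimed at a PHP endpoint instead.
SAMPLE_PHP = SAMPLE.rsplit(" at ", 1)[0] + " at /wp-admin/admin-ajax.php"

# Assumed message shape, inferred from the single line above.
LINE_RE = re.compile(r"for (?P<rule>.+?) in POST body: (?P<body>\S+) at (?P<path>\S+)")

# Assumption: files with these extensions are served as-is, with no application code run.
STATIC_EXT = {".js", ".css", ".png", ".jpg", ".gif", ".svg", ".ico", ".woff", ".woff2"}


def triage(line):
    """Parse one blocked-request message and classify its target."""
    m = LINE_RE.search(line)
    if m is None:
        return None  # not in the assumed shape; leave for manual review
    params = dict(parse_qsl(m["body"], keep_blank_values=True))
    static = PurePosixPath(m["path"]).suffix.lower() in STATIC_EXT
    return {
        "rule": m["rule"],
        "path": m["path"],
        "params": params,
        "static_target": static,
        "next_step": (
            "confirm the server serves this path as a file; no handler reads the body"
            if static
            else "find the handler for this path and check how it uses each parameter"
        ),
    }


if __name__ == "__main__":
    for line in (SAMPLE, SAMPLE_PHP):
        result = triage(line)
        print(result["path"], result["static_target"], result["params"])
        print("  ->", result["next_step"])
```

The static classification only holds if the web server really returns the file directly; a rewrite rule that routes every path through PHP would change the answer, which is why the first next step is to confirm that.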
