Security Issue

  • Camille

    (@camille3092)


    1 month ago

    Hello,

    I want to report WP Factory, who seem completely unconcerned that the pro version of their EU/UK VAT Validation Manager for WooCommerce plugin is hacked.

    The pro version, which is downloaded from their official website to upgrade the free version, contains a malicious file, /includes/class-alg-wc-eu-vat-customer.php, which attempts to download a hacked external file when the plugin is activated.

    I tried alerting them on GitHub, but they don’t seem to care much.

    I therefore want to report them to prevent further security vulnerabilities for other WooCommerce stores.

    Best regards,

    Camille

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Contributor Pablo Pacheco

    (@karzin)

    1 month ago

    Hi Camille,

    Thank you for bringing this to our attention. We sincerely apologize for not acting on your report sooner, especially on something this serious.

    We’ve confirmed the issue and are actively working to release a clean version as quickly as possible. We’ll keep you posted as soon as we have updates.

    We’re grateful for your help.

    amorgaut

    (@amorgaut)

    3 weeks ago

    I have a website that has recently been hacked and which were using the pro version of the plugin

    SecurePress alerted me that your plugin had a security issue

    It might not be related but I prefer not to reactivate this plugin before a fix

    Moderator Support Moderator

    (@moderator)

    3 weeks ago

    Pro versions cannot be supported here, per forum rules. The topic has been removed. Please contact the devs through their web site.

Viewing 3 replies - 1 through 3 (of 3 total)

The topic ‘Security Issue’ is closed to new replies.