Title: security problems Last modified: August 21, 2016 --- # security problems * [BenM](https://wordpress.org/support/users/alysko/) * (@alysko) * [12 years, 3 months ago](https://wordpress.org/support/topic/security-problems/) * hi, * Malfunction at 3rd party Plugin detected! Name: Quick Chat | Author: Marko Martinović Below listed scripts has been automatically stripped because of injection: * [http://localhost/wordpress/wp-content/plugins/quick-chat/js/jquery.c00kie.js](http://localhost/wordpress/wp-content/plugins/quick-chat/js/jquery.c00kie.js) [http://localhost/wordpress/wp-content/plugins/quick-chat/js/quick-chat-load.js](http://localhost/wordpress/wp-content/plugins/quick-chat/js/quick-chat-load.js) * Not good at all. * [https://wordpress.org/plugins/quick-chat/](https://wordpress.org/plugins/quick-chat/) Viewing 7 replies - 1 through 7 (of 7 total) * [square_eyes](https://wordpress.org/support/users/square_eyes/) * (@square_eyes) * [12 years, 3 months ago](https://wordpress.org/support/topic/security-problems/#post-4622256) * Hi alysko, can you give us some context? Was this a 4th party XSS injection? Who detected it? Or is this in the source code? * FYI I’m a user, not the developer. * [square_eyes](https://wordpress.org/support/users/square_eyes/) * (@square_eyes) * [12 years, 3 months ago](https://wordpress.org/support/topic/security-problems/#post-4622258) * Wordfence found the following new issues on “”. * Alert generated at Tuesday 25th of February 2014 at 10:39:37 AM * Warnings: * * Modified plugin file: wp-content/plugins/quick-flag/database/ip2country.db * Modified plugin file: wp-content/plugins/quick-flag/database/ip2country.version * [square_eyes](https://wordpress.org/support/users/square_eyes/) * (@square_eyes) * [12 years, 3 months ago](https://wordpress.org/support/topic/security-problems/#post-4622259) * Seemed I was on the receiving end of a brute fore attack last night * From my host… * “I have reviewed logged data on the server and found that your site was being hit quite a bit with WordPress login requests from 213.158.82.62 today: * [root@myhosthere /my/root]# awk ‘My IP Address Here/ {print $7}’ /usr/local/apache/ domlogs/user/mysite.com | sort | uniq -c | sort -rn | head 2217 /wp-login.php * This seemed to cause some issues with the account hitting some of the resource limits we have on our shared servers.” * [square_eyes](https://wordpress.org/support/users/square_eyes/) * (@square_eyes) * [12 years, 3 months ago](https://wordpress.org/support/topic/security-problems/#post-4622260) * My last chat plugin brought me all sorts of grief with XSS attacks. I’d love the developer to weigh in here with his opinion. It’s a great plugin, but not if it exposes my site. * Thread Starter [BenM](https://wordpress.org/support/users/alysko/) * (@alysko) * [12 years, 3 months ago](https://wordpress.org/support/topic/security-problems/#post-4622262) * Hi square_eyes, * I don’t known what’s a “4th party XSS injection” 🙂 SQL injection, ok. XSS, ok. But 4th party XSS injection… * This message was given by Codestyling Localization. * [square_eyes](https://wordpress.org/support/users/square_eyes/) * (@square_eyes) * [12 years, 3 months ago](https://wordpress.org/support/topic/security-problems/#post-4622263) * I would have said third party, but that’s the plugin. The attacker would be a fourth party. That’s all. * [square_eyes](https://wordpress.org/support/users/square_eyes/) * (@square_eyes) * [12 years, 3 months ago](https://wordpress.org/support/topic/security-problems/#post-4622264) * And I concede, that my issues above may not be related to the plugin. However it happened almost immediately after I installed it. Based on my past experience it’s better to report it. Viewing 7 replies - 1 through 7 (of 7 total) The topic ‘security problems’ is closed to new replies. * ![](https://s.w.org/plugins/geopattern-icon/quick-chat.svg) * [Quick Chat](https://wordpress.org/plugins/quick-chat/) * [Frequently Asked Questions](https://wordpress.org/plugins/quick-chat/#faq) * [Support Threads](https://wordpress.org/support/plugin/quick-chat/) * [Active Topics](https://wordpress.org/support/plugin/quick-chat/active/) * [Unresolved Topics](https://wordpress.org/support/plugin/quick-chat/unresolved/) * [Reviews](https://wordpress.org/support/plugin/quick-chat/reviews/) * 7 replies * 2 participants * Last reply from: [square_eyes](https://wordpress.org/support/users/square_eyes/) * Last activity: [12 years, 3 months ago](https://wordpress.org/support/topic/security-problems/#post-4622264) * Status: not resolved