Title: Shady HIJACKING WordPress Plugin
Last modified: September 3, 2016

---

# Shady HIJACKING WordPress Plugin

 *  [wordpresses](https://wordpress.org/support/users/wordpresses/)
 * (@wordpresses)
 * [11 years, 4 months ago](https://wordpress.org/support/topic/shady-hijacking-wordpress-plugin/)
 * This plugin adds “Clean and Simple WordPress Contact Form by Meg Nicholas – WordPress
   Developer” and its version number to your source code that will be stored into
   Google as your website description.
 * <div class=”cscfVersion” style=”display:none;”> Clean and Simple WordPress Contact
   Form by Meg Nicholas – WordPress Developer. Version 4.3.4 </div>
 * Notice the display:none; which is not visible to you and other people but still
   visible to search engines.
 * Kinda search engine spamming and also make it vulnerable for any wordpress site
   that has this installed by showing the actual version number. If there are any
   knows exploits the only thing hackers would have to do is looking for sites with
   that plugin installed with the particular version number.
 * **AVOID THIS PLUGIN!!!!!!!!!!!!!!!!**
 * Shady search engines spamming and security risk!!!!

Viewing 3 replies - 1 through 3 (of 3 total)

 *  [megnicholas](https://wordpress.org/support/users/megnicholas/)
 * (@megnicholas)
 * [11 years, 4 months ago](https://wordpress.org/support/topic/shady-hijacking-wordpress-plugin/#post-7918177)
 * This plugin as been passed by WordPress. I add the version number to the html
   so that I know which version users are running when they come to me for support.
   
   If you think this plugin has security risks I will happily forward to WordPress
   so that they can check for issues.
 *  Thread Starter [wordpresses](https://wordpress.org/support/users/wordpresses/)
 * (@wordpresses)
 * [11 years, 4 months ago](https://wordpress.org/support/topic/shady-hijacking-wordpress-plugin/#post-7918178)
 * It’s shady practices to kinda spam search enginges via website’s description.
 * I would call it blackhat.
 * And yes including version numbers is a big no-no.
    Making it peace of cake for
   hackers to find domains using your plugin with particular version to exploit.
 *  [megnicholas](https://wordpress.org/support/users/megnicholas/)
 * (@megnicholas)
 * [11 years, 4 months ago](https://wordpress.org/support/topic/shady-hijacking-wordpress-plugin/#post-7918186)
 * Please note that the offending HTML has been removed. You can download the updated
   version now.
 * I would be grateful if you would reconsider your review. I am sure you appreciate
   that a lot of work has gone into producing and supporting this free plugin.

Viewing 3 replies - 1 through 3 (of 3 total)

The topic ‘Shady HIJACKING WordPress Plugin’ is closed to new replies.

 * ![](https://ps.w.org/clean-and-simple-contact-form-by-meg-nicholas/assets/icon-
   256x256.png?rev=2552365)
 * [Contact Form Clean and Simple](https://wordpress.org/plugins/clean-and-simple-contact-form-by-meg-nicholas/)
 * [Frequently Asked Questions](https://wordpress.org/plugins/clean-and-simple-contact-form-by-meg-nicholas/#faq)
 * [Support Threads](https://wordpress.org/support/plugin/clean-and-simple-contact-form-by-meg-nicholas/)
 * [Active Topics](https://wordpress.org/support/plugin/clean-and-simple-contact-form-by-meg-nicholas/active/)
 * [Unresolved Topics](https://wordpress.org/support/plugin/clean-and-simple-contact-form-by-meg-nicholas/unresolved/)
 * [Reviews](https://wordpress.org/support/plugin/clean-and-simple-contact-form-by-meg-nicholas/reviews/)

 * 3 replies
 * 2 participants
 * Last reply from: [megnicholas](https://wordpress.org/support/users/megnicholas/)
 * Last activity: [11 years, 4 months ago](https://wordpress.org/support/topic/shady-hijacking-wordpress-plugin/#post-7918186)