chillpanda
Forum Replies Created
Forum: Plugins
In reply to: [XML Sitemap Generator for Google] Plugin removed from repository
@fmosse Seeing as how the closure prevents downloading the plugin and that the new patch, noted as version 4.1.2 was meant to patch the security issue, until we can update the plugin, it will continue to be a vulnerability that exists until it’s patched. So while I can’t say whether or not the inference is regarding a malicious plugin or a malicious actor exploiting the plugin, it’s probably better safe than sorry.
@casi800 if you were to ask me, I wouldn’t be able to tell you. I still have it on my site primarily because on the front end, the Author is appropriately showing someone that isn’t Arne, which lines up with part of the information that lists @Auctollo as the plugin’s current author, with credits still attributing Arne as normal. However, when clicking on Auctollo’s name from the plugins list, it still directs me to the amebrachholde.de website. It would seem his last reply mentioned 4 months and a week ago that there would be a new rollout in the early part of [this] year. So while I do find their lack of reply to this thread to be somewhat suspicious, or any sort of reply being provided to the numerous other unanswered posts albeit having updated the source code just a week ago, it’s really hard to say definitively whether or not the plugin has been compromised in some way.
It also doesn’t help that the website listed for @auctollo doesn’t seem to be working from my end. It’s also worth noting that although Auctollo was at one point actively replying to support related submissions going as far back as a year ago, it seems to consistently be a generic message of “Thank you for reaching out..” and “…our team is working on it”. I suppose it’s always better to be safe than sorry unless we can get some input from ww.wp.xz.cn about the plugin’s current status. Or if a developer could review the code that was submitted to help make sense of whether or not the new code may contain malicious code or something.
Otherwise, there are plenty of other substitutes that do the same thing available from the plugin repository. So, to be sure, I am removing it myself, just to be safe, and for now.
@blazingmoonorg Thank you Mr. Giesler for doing all that and relaying the information here. It’s definitely alarming and concerning to hear the lack of information surrounding the plugin. Interestingly enough, when taking precaution and logging in to remove the plugin after reading your text, it would seem the plugin had a notification on my WordPress dashboard asking me to fill out a survey linked to a Google Forms page. While I refrained from filling out the survey, there just seem to be too many parts of the matter that seem off and I’d rather be safe than sorry.
@cdgweb @gadhiyaravi @coyotech I have not found that file either, whilst my /mu-plugins/ directory appears to be empty from file manager. And, just to be safe I SSH’d into the server in case of hidden files and found it to be empty as well. However, admittedly, I had gone to check after removing the plugin already.
Forum: Plugins
In reply to: [XML Sitemap Generator for Google] Plugin removed from repository
I too genuinely shared the same concern upon seeing Wordfence flagging the item as no longer being available in the repository.
When looking into it myself, it was noted here, as others have mentioned, that maintenance was taken over by w3edge, which advertises W3Cache and actually from Boldgrid so that’s a little odd.
However, the original author, Arne Brachhold, last updated their changelog on their site as 4.0.9, an entry from 2017-07-24 and a look at the updates indicated a new version was updated 3 days ago for version 4.1.2 and notes addressing fixing a security issue related to Cross-Site Scripting attacks on debug page by a new contributor.
More important, it’s noted that the plugin is being renamed again to “XML Sitemaps Plugin for WordPress” by a new contributor so chances are it’s just under review. With that said, the new version does seem to have some significant changes so I imagine it’s just standard review process.
- This reply was modified 4 years, 1 month ago by chillpanda. Reason: w3edge was mistakenly credited with W3 Total Cache based on initial view of the website, this was corrected