Thank you Ahmed. I provided the URL in the first post but not to worry, the error was my own which I have now resolved. Many thanks.
I’ve also deleted the plugin.
I had commercial versions of Facebook, Twitter and Instagram.
Learning of the exploit from a third party, and Smash Balloon’s response has made me believe you’re negligent towards security.
Shame, as the plugin was pretty good/I reviewed accordingly.
Bit poor they’ve not made this clear.
It took me 3 hours this morning to isolate this plugin being the source of the malicious redirects.
I’ve just come here to report the same. Absolute nightmare – whenever we save a private draft One Signal trigger a push notification.
