Home Forums Newsletter Plugin Support False virus alarm for link.php

Viewing 5 posts - 1 through 5 (of 5 total)
  • Author
    Posts
  • #17039
    MKJ
    Participant

    Hi,

    today we received a lot of virus warnings. The support renamed the link.php file for security reasons. I couldn’t find any malicious code. However, they say that many of their customers had problems with malware using your plugin. It seems that only the latest version 3.8.5 generates these false alarms. Would you please fix this? There is obviously some pattern in it or a security hole that provokes these alarms.

    Thank you!

    #17055
    Stefano
    Keymaster

    There was an open redirect issue, but the plugin uses signed link from a while. Was you using the latest version? You’re not the only one that reported and I released a new stronger version to deal with this problem.

    #17084
    MKJ
    Participant

    Thank you very much. I think this did the trick. No false alarms anymore.

    #17126
    domzi
    Participant

    Please do all check the database wp_newsletter_stats > there are the malicious links, directy posted into the newsletter-plugin-DB.

    #17130
    Stefano
    Keymaster

    The links have been registered before the new signature protection, they are not shown exposed by the blog, are only part of the link tables inside the statistic panel. They do not affect your blog.

Viewing 5 posts - 1 through 5 (of 5 total)
  • You must be logged in to reply to this topic.