Execrise caution!

  • gqqnbig

    (@gqqnbig)


    1 week, 3 days ago

    I was using version 4.2.8 which was called Feedzy RSS Feeds Lite.

    Version 4.2.8 has dynamically loaded content, which may be vulnerable to remote code execution on a local wordpress instance. I noticed a couple of values in wp_options are changed to malicous ones, and this feedzy plugin is loading strange, advertisement values into memory/database.

    If the Feedzy plugin is benign, it at least has bugs susceptible for injections.

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Support Stefan Cotitosu

    (@stefancotitosu)

    1 week, 3 days ago

    Hi @gqqnbig,

    Thank you for bringing this to our attention, and we’re very sorry for the inconvenience you’ve experienced. We take security very seriously, and we are not aware of any such issue in Feedzy. To investigate this properly, could you please open a ticket on the support forum and share more details about your findings? We’d be happy to look into it further.

    Thank you!

    Thread Starter gqqnbig

    (@gqqnbig)

    6 days, 7 hours ago

    Hello, after deep investigation, I found it was another plugin that was compromised.

    Plugin Support rodicaelena

    (@rodicaelena)

    3 days, 13 hours ago

    Hi @gqqnbig,

    Thank you for the update! I’m glad to hear this was not related to Feedzy.

    If that’s the case, we would also appreciate it if you could update your review. That would help users be correctly informed.

    Thank you!

Viewing 3 replies - 1 through 3 (of 3 total)

You must be logged in to reply to this review.