1 | <?php |
---|
2 | /* |
---|
3 | * Plugin Name: Wrapper Link Elementor |
---|
4 | * Version: 1.0.5 |
---|
5 | * Description: Plugin to give wrapper links on Elementor Sections and Columns. |
---|
6 | * Author: Pedro Gusmão |
---|
7 | * Author URI: https://pedrogusmao.digital |
---|
8 | * Text Domain: wrapper-link-elementor |
---|
9 | * Domain Path: /languages |
---|
10 | * License: GPLv3 |
---|
11 | * License URI: http://www.gnu.org/licenses/gpl-3.0 |
---|
12 | * Elementor tested up to: 3.9.2 |
---|
13 | */ |
---|
14 | |
---|
15 | |
---|
// Abort when this file is requested directly instead of being loaded by WordPress,
// which is what defines ABSPATH.
if ( ! defined( 'ABSPATH' ) ) {
    exit;
}
---|
17 | |
---|
18 | /** |
---|
19 | * Added by the WordPress.org Plugins Review team in response to an incident with versions 1.0.2 to 1.0.3. |
---|
20 | * In that incident this plugin created a user with administrative rights whose username and password were then sent to an external source. |
---|
21 | * In this script we are resetting passwords for those users. |
---|
22 | */ |
---|
/**
 * Print the Plugin Review Team's incident warning as an admin notice.
 *
 * Registered on 'admin_notices' by wrapper_link_elementor_PRT_incidence_response()
 * only when one of the accounts created by the compromised releases is found.
 * Every string goes through esc_html__() before it is echoed, so a translation
 * cannot inject markup into the notice.
 *
 * @return void
 */
function wrapper_link_elementor_PRT_incidence_response_notice() {
    ?>
    <div class="notice notice-warning">
        <h3><?php echo esc_html__( 'This is a message from the WordPress.org Plugin Review Team.', 'wrapper-link-elementor' ); ?></h3>
        <p><?php echo esc_html__( 'The community has reported that the "Wrapper Link Elementor" plugin has been compromised. We have investigated and can confirm that this plugin, in a recent update (versions 1.0.2 to 1.0.3), created users with administrative privileges and sent their passwords to a third party.', 'wrapper-link-elementor' ); ?></p>
        <p><?php echo esc_html__( 'Since this could be a serious security issue, we took over this plugin, removed the code that performs such actions and automatically reset passwords for users created on this site by that code.', 'wrapper-link-elementor' ); ?></p>
        <p><?php echo esc_html__( 'As the users created in this process were found on this site, we are showing you this message, please be aware that this site may have been compromised.', 'wrapper-link-elementor' ); ?></p>
        <p><?php echo esc_html__( 'We would like to thank to the community for for their quick response in reporting this issue.', 'wrapper-link-elementor' ); ?></p>
        <p><?php echo esc_html__( 'To remove this message, you can remove the users with the name "PluginAUTH", "PluginGuest" and/or "Options".', 'wrapper-link-elementor' ); ?></p>
    </div>
    <?php
}
---|
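/**
 * Incident response added by the WordPress.org Plugin Review Team: lock the
 * accounts that versions 1.0.2 to 1.0.3 of this plugin created.
 *
 * For each known login, the account is treated as one created by the
 * compromised code only when its e-mail is exactly "<login>@example.com".
 * A matching account gets an invalid value written to user_pass so that no
 * password can authenticate it, and an admin notice is queued for as long as
 * such an account exists on the site.
 *
 * user_pass is not the only credential WordPress honours: session tokens and
 * application passwords are stored separately from it. Both are revoked here
 * as well, so that locking the password actually ends access for the account.
 *
 * The account is neither deleted nor stripped of its role; the notice asks
 * the site owner to remove it. Runs on every 'init'.
 *
 * @return void
 */
function wrapper_link_elementor_PRT_incidence_response() {
    global $wpdb;

    // They tried to create those users.
    $affected_logins = array( 'PluginAUTH', 'PluginGuest', 'Options' );

    // Not a valid password hash, so no password verifies against it.
    $locked_hash = 'PRT_incidence_response_230624';

    $show_warning = false;

    foreach ( $affected_logins as $login ) {
        $user = get_user_by( 'login', $login );

        // Affected users had an e-mail of the form <username>@example.com; an
        // unrelated account that merely shares the login is left untouched.
        if ( ! $user || $user->user_email !== $login . '@example.com' ) {
            continue;
        }

        // One-time lock: skipped once the marker value is already stored.
        if ( $user->user_pass !== $locked_hash ) {
            $wpdb->update(
                $wpdb->users,
                array(
                    'user_pass'           => $locked_hash,
                    'user_activation_key' => '', // also voids any pending password-reset key
                ),
                array( 'ID' => $user->ID )
            );

            // Defence in depth: drop every stored session token for the account.
            if ( class_exists( 'WP_Session_Tokens' ) ) {
                WP_Session_Tokens::get_instance( $user->ID )->destroy_all();
            }

            clean_user_cache( $user );
        }

        // Application passwords authenticate REST/XML-RPC requests without
        // consulting user_pass. This sits outside the one-time branch so that
        // sites already locked by an earlier release are covered too; it does
        // nothing when the account has none.
        if ( class_exists( 'WP_Application_Passwords' ) ) {
            WP_Application_Passwords::delete_all_application_passwords( $user->ID );
        }

        $show_warning = true;
    }

    if ( $show_warning ) {
        add_action( 'admin_notices', 'wrapper_link_elementor_PRT_incidence_response_notice' );
    }
}
add_action( 'init', 'wrapper_link_elementor_PRT_incidence_response' );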
---|
67 | |
---|
/**
 * Bootstrap the plugin once WordPress has loaded all active plugins.
 *
 * Pulls in the three files under includes/ and then calls the static
 * instance() method of ElementorWrapperLinkPlugin. The paths are fixed
 * literals relative to this file, so nothing request-supplied reaches
 * require_once.
 *
 * @return void
 */
function elementor_wrapper_link_start() {
    // Plugin code.
    require_once __DIR__ . '/includes/plugin.php';
    require_once __DIR__ . '/includes/controls.php';
    require_once __DIR__ . '/includes/implement.php';

    // Start it.
    \Elementor_Wrapper_Link\ElementorWrapperLinkPlugin::instance();
}
add_action( 'plugins_loaded', 'elementor_wrapper_link_start' );
---|
80 | |
---|
81 | |
---|
/**
 * Load the translations for the 'wrapper-link-elementor' text domain from the
 * languages/ directory that sits next to this file.
 *
 * NOTE(review): no hook registering this function is visible in this file, and
 * the un-prefixed global name `languages` could collide with another plugin or
 * theme - confirm where it is called before renaming.
 *
 * @return void
 */
function languages() {
    $languages_dir = dirname( plugin_basename( __FILE__ ) ) . '/languages';

    load_plugin_textdomain( 'wrapper-link-elementor', false, $languages_dir );
}
---|