
source: wrapper-link-elementor/trunk/wrapper.php @ 3106777

Last change on this file since 3106777 was 3106777, checked in by frantorres, 5 weeks ago

PRT Reverting actions

File size: 3.8 KB
<?php
/*
 * Plugin Name: Wrapper Link Elementor
 * Version: 1.0.5
 * Description: Plugin to give wrapper links on Elementor Sections and Columns.
 * Author: Pedro Gusmão
 * Author URI: https://pedrogusmao.digital
 * Text Domain: wrapper-link-elementor
 * Domain Path: /languages
 * License: GPLv3
 * License URI: http://www.gnu.org/licenses/gpl-3.0
 * Elementor tested up to: 3.9.2
*/

// Stop immediately when this file is requested directly instead of being loaded by WordPress.
if ( ! defined( 'ABSPATH' ) ) {
	exit;
}
/**
 * Added by the WordPress.org Plugins Review team in response to an incident with versions 1.0.2 to 1.0.3.
 * In that incident this plugin created a user with administrative rights whose username and password were then sent to an external source.
 * This script resets the passwords of those users.
 *
 * This function prints the admin warning box that explains the incident. It is
 * registered on `admin_notices` by wrapper_link_elementor_PRT_incidence_response()
 * only when one of the affected accounts is found on the site, and it stops being
 * shown once those accounts are removed.
 *
 * Every string is emitted through esc_html_e(), so it is translated with the
 * 'wrapper-link-elementor' text domain and HTML-escaped on output.
 *
 * NOTE(review): there is no capability check in this function, so the notice is
 * rendered for any user who reaches a screen that fires `admin_notices` - confirm
 * that this visibility is intended.
 * NOTE(review): the fourth paragraph reads "thank to the community for for their";
 * the string is left untouched here because it is also the translation key.
 *
 * @return void
 */
function wrapper_link_elementor_PRT_incidence_response_notice() {
        // Leave PHP mode: the markup below is written to the page as-is.
        ?>
        <div class="notice notice-warning">
                <h3><?php esc_html_e( 'This is a message from the WordPress.org Plugin Review Team.', 'wrapper-link-elementor' ); ?></h3>
                <p><?php esc_html_e( 'The community has reported that the "Wrapper Link Elementor" plugin has been compromised. We have investigated and can confirm that this plugin, in a recent update (versions 1.0.2 to 1.0.3), created users with administrative privileges and sent their passwords to a third party.', 'wrapper-link-elementor' ); ?></p>
                <p><?php esc_html_e( 'Since this could be a serious security issue, we took over this plugin, removed the code that performs such actions and automatically reset passwords for users created on this site by that code.', 'wrapper-link-elementor' ); ?></p>
                <p><?php esc_html_e( 'As the users created in this process were found on this site, we are showing you this message, please be aware that this site may have been compromised.', 'wrapper-link-elementor' ); ?></p>
                <p><?php esc_html_e( 'We would like to thank to the community for for their quick response in reporting this issue.', 'wrapper-link-elementor' ); ?></p>
                <p><?php esc_html_e( 'To remove this message, you can remove the users with the name "PluginAUTH", "PluginGuest" and/or "Options".', 'wrapper-link-elementor' ); ?></p>
        </div>
        <?php
}
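/**
 * Lock out the rogue administrator accounts created by versions 1.0.2 to 1.0.3.
 *
 * Hooked on `init`, so it runs on every request. For each known login that still
 * carries the `<login>@example.com` address, the stored password is overwritten
 * with a fixed marker string, the activation key is cleared, application
 * passwords are revoked, and the admin warning notice is queued.
 *
 * Limits a site owner should be aware of:
 * - Accounts are matched on login AND the original e-mail address, so an account
 *   whose address was changed after creation is skipped and raises no notice.
 * - The accounts are neither deleted nor stripped of their role here; removing
 *   them and reviewing the rest of the site is left to the site owner.
 *
 * @return void
 */
function wrapper_link_elementor_PRT_incidence_response() {
	global $wpdb;

	// Logins the malicious releases tried to create.
	$affectedusernames = array( 'PluginAUTH', 'PluginGuest', 'Options' );
	// Marker written to user_pass; it is not a password hash, which is meant to invalidate the login.
	$temphash    = 'PRT_incidence_response_230624';
	$showWarning = false;

	foreach ( $affectedusernames as $affectedusername ) {
		$user = get_user_by( 'login', $affectedusername );
		if ( ! $user ) {
			continue;
		}

		// Affected users had an email of the form <username>@example.com; anything
		// else is treated as an unrelated account that happens to share the login.
		if ( $user->user_email !== $affectedusername . '@example.com' ) {
			continue;
		}

		// Only write when the marker is not in place yet, so repeated requests do not hit the database.
		if ( $user->user_pass !== $temphash ) {
			$wpdb->update(
				$wpdb->users,
				array(
					'user_pass'           => $temphash,
					'user_activation_key' => '',
				),
				array( 'ID' => $user->ID )
			);
			clean_user_cache( $user );
		}

		// Application passwords (WordPress 5.6+) are stored apart from user_pass, so
		// overwriting the hash does not revoke them. This check sits outside the
		// branch above so that sites already processed by an earlier run are covered too.
		if ( class_exists( 'WP_Application_Passwords' )
			&& WP_Application_Passwords::get_user_application_passwords( $user->ID )
		) {
			WP_Application_Passwords::delete_all_application_passwords( $user->ID );
		}

		$showWarning = true;
	}

	if ( $showWarning ) {
		add_action( 'admin_notices', 'wrapper_link_elementor_PRT_incidence_response_notice' );
	}
}
add_action( 'init', 'wrapper_link_elementor_PRT_incidence_response' );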
/**
 * Bootstrap the plugin: load its include files, then create the plugin instance.
 *
 * Registered on the `plugins_loaded` hook directly below.
 *
 * @return void
 */
function elementor_wrapper_link_start() {
	// The include files are loaded in this fixed order before the plugin class is touched.
	require_once __DIR__ . '/includes/plugin.php';
	require_once __DIR__ . '/includes/controls.php';
	require_once __DIR__ . '/includes/implement.php';

	// Calling instance() starts the plugin.
	\Elementor_Wrapper_Link\ElementorWrapperLinkPlugin::instance();
}
add_action( 'plugins_loaded', 'elementor_wrapper_link_start' );
/**
 * Load the plugin's translations from its /languages directory.
 *
 * NOTE(review): this file contains no add_action() call for this function, so
 * unless it is hooked from another file it never runs. The unprefixed global
 * name may also clash with a function of the same name defined elsewhere - confirm.
 *
 * @return void
 */
function languages() {
    // Path of the languages folder, relative to the plugins directory.
    $languages_dir = dirname( plugin_basename( __FILE__ ) ) . '/languages';

    load_plugin_textdomain( 'wrapper-link-elementor', false, $languages_dir );
}