[wp-hackers] Hookd? Sketchy Plugin Include
jw at jacksonwhelan.com
Tue Sep 13 22:28:01 UTC 2011
Trying to help someone in the forums complaining about a plugin
their site to crawl, and stumbled across this included file which looks
like it could be used for great malfeasance.

Makes calls to hookd.org and requests actions and filters to be added.
Creates a world-writable directory while it's at it as well.

Is anyone familiar with hookd.org? Am I paranoid for thinking this is

As a bonus the plugin emails the author with the URL of the site it was
activated on, with no user consent or knowledge.

Which would make sense as it would allow them to fine tune the junk they

I found this related post in the forums from a year ago.

I've already emailed plugins at wordpress.org, but thought I'd ask if
anyone here was aware of this.

No comment on hit counters being used in 2011, but if you'd like to step
into the wayback machine just look at the screenshots : )