1. Plugin Vulnerabilites

    We are not sure why it isn’t mentioned in your story since we contacted the WordPress Tavern about this situation a week ago, but it is important to note that the plugin has been publicly known to be vulnerable in this way since December of 2017 and the developer knew about it for a month and half before that. So there was plenty of time for the developer to have resolved this by now and there was also plenty of time for the WordPress team to better handle the situation instead of leaving websites to be hacked.

    One option available is for the team to release a fixed version, as is mentioned by the security page for WordPress:

    When a plugin vulnerability is discovered by the WordPress Security Team, they contact the plugin author and work together to fix and release a secure version of the plugin. If there is a lack of response from the plugin author or if the vulnerability is severe, the plugin/theme is pulled from the public directory, and in some cases, fixed and updated directly by the Security Team.

    It wouldn’t even require much work on their part, as we have repeatedly offered to provide fixes for vulnerabilities like the one in this plugin, which are likely to be exploited, but they haven’t taken us up on that.

    It would be great if you would cover that element of the story, since there are plenty of things that could be done to reduce the number of websites being hacked if that team was finally willing to work with others to address the problems with their process.


  2. Chris

    I’d like to know if there are any safe, free, alternatives available. I’m looking for something I could use for my gaming reviews. Thanks for any suggestions!


  3. Bikram

    I’m also looking for alternatives and good suggestions for review plugins. I have lost my starts on rich results and now I’m not getting them back even after I have set them up manually on my templates. My codes are even correct on the Rich Schema Structured Test Tool.
    Google has updated it big this time.


  4. Racquel

    We created this modified plugin for a customer using rich reviews.



  5. Tevya

    My team and I at Starfish Reviews have adopted the Rich Reviews plugin and issued a security release to fix these vulnerabilities.

    Unlike the one from Magic Box, you don’t have to pay to secure your site. Just update to 1.8+ through the normal, automatic update process and your site will no longer be vulnerable to this exploit.


Comments are closed.

%d bloggers like this: