[theme-reviewers] WPORG: Support: Claim of a number of backdoored themes in Repo
sabreuse at gmail.com
Wed Apr 25 15:50:27 UTC 2012
I had a bit of time so I went through the list he posted --
- Only one theme is available in the directory, and that was a false
positive (same filename, but a completely different "helpers" file
from the others on the list).
- Two were themes that reviewers caught, rejected, and reported to
wp.org at the time they were reviewed,
- The rest were from before there was a review process, and none of
them would pass review now.
I think that's a nice indication that our process has made a big
difference in the quality of what gets out there!
On Wed, Apr 25, 2012 at 10:35 AM, Amy Hendrix <sabreuse at gmail.com> wrote:
> Yeah, I suspect that "helpers.php" is an exploit that someone is using
> somewhere -- exactly because it's such a generic-looking filename --
> but it's also used as a name for a perfectly innocent helper function
> library by other themes.
> On Wed, Apr 25, 2012 at 10:32 AM, Chip Bennett <chip at chipbennett.net> wrote:
>> I replied, and "ottolook" tagged the topic. (If code is to be removed from
>> SVN, Otto is the one to do it.)
>> The OP definitely found some malicious code, but some of the referenced
>> Themes don't have malicious code, as far as I can tell.
>> On Wed, Apr 25, 2012 at 9:12 AM, esmi at quirm dot net <esmi at quirm.net>
>>> theme-reviewers mailing list
>>> theme-reviewers at lists.wordpress.org
>> theme-reviewers mailing list
>> theme-reviewers at lists.wordpress.org
More information about the theme-reviewers