[theme-reviewers] WPORG: Support: Claim of a number of backdoored themes in Repo

Wed Apr 25 15:50:27 UTC 2012

I had a bit of time so I went through the list he posted --

- Only one theme is available in the directory, and that was a false
positive (same filename, but a completely different "helpers" file
from the others on the list).
- Two were themes that reviewers caught, rejected, and reported to
wp.org at the time they were reviewed,
- The rest were from before there was a review process, and none of
them would pass review now.

I think that's a nice indication that our process has made a big
difference in the quality of what gets out there!

On Wed, Apr 25, 2012 at 10:35 AM, Amy Hendrix <sabreuse at gmail.com> wrote:
> Yeah, I suspect that "helpers.php" is an exploit that someone is using
> somewhere -- exactly because it's such a generic-looking filename --
> but it's also used as a name for a perfectly innocent helper function
> library by other themes.
>
>
> On Wed, Apr 25, 2012 at 10:32 AM, Chip Bennett <chip at chipbennett.net> wrote:
>> I replied, and "ottolook" tagged the topic. (If code is to be removed from
>> SVN, Otto is the one to do it.)
>>
>> The OP definitely found some malicious code, but some of the referenced
>> Themes don't have malicious code, as far as I can tell.
>>
>> Thanks,
>>
>> Chip
>>
>>
>> On Wed, Apr 25, 2012 at 9:12 AM, esmi at quirm dot net <esmi at quirm.net>
>> wrote:
>>>
>>>
>>>
>>> <http://wordpress.org/support/topic/backdoored-templates-on-themessvnwordpressorg>
>>>
>>> Mel
>>> --
>>> http://quirm.net
>>> http://blackwidows.co.uk
>>> _______________________________________________
>>> theme-reviewers mailing list
>>> theme-reviewers at lists.wordpress.org
>>> http://lists.wordpress.org/mailman/listinfo/theme-reviewers
>>
>>
>>
>> _______________________________________________
>> theme-reviewers mailing list
>> theme-reviewers at lists.wordpress.org
>> http://lists.wordpress.org/mailman/listinfo/theme-reviewers
>>