Malware.

  • Resolved kylianmash

    (@kylianmash)


    1 year, 9 months ago

    Hello guys,

    Just to kindly inform you that using your plugin will cause your users a strike from Google Ads.

    Was a real headache to find the cause of my issue with Google Ads last weeks.

    Finally we found out the reason, and we don’t know why, it was your plugin that caused a security alert on Google Ads.

    The plugin is using a script (Polyfill.js) that seems to get a security breach problem.

    The information became just official and you will be able to find some links reporting the problem here: https://forum.squarespace.com/topic/306234-google-ads-says-my-site-is-affected-by-an-unsafe-domain/

    Got the mail from Google too just few min ago asking to remove from any sites the polyfill.js or to update it.

    Would be super great and serious from your side to take this in count as we would love to get your plugin back on our websites! Let us know (we use one previous version, so please patch them all! :))

    Sorry for the bad news, but I’m sure you will sort it out!

    Take care,

    Cheers,

    • This topic was modified 1 year, 9 months ago by kylianmash.
    • This topic was modified 1 year, 9 months ago by kylianmash.
    • This topic was modified 1 year, 9 months ago by kylianmash.
Viewing 5 replies - 1 through 5 (of 5 total)
  • Plugin Author Gemini Labs

    (@geminilabs)

    1 year, 9 months ago

    Site Reviews stopped using the Polyfill script a long time ago, you must be using an old version of Site Reviews. Old versions of the plugin are not supported here. Update to the latest version!

    Plugin Author Gemini Labs

    (@geminilabs)

    1 year, 9 months ago

    Again:

    Previous versions of Site Reviews (version 5 or earlier) used the polyfill.io script to support Internet Explorer. Documentation was also provided on the Help and Support page which allowed you to disable it.

    The polyfill.io script was removed in 2022 with Site Reviews v6 and support for Internet Explorer was dropped.

    Site Reviews is now at version 7.

    Previous versions of Site Reviews will not be patched and are not supported here.

    In February 2024 a Chinese company (Funnull) bought the polyfill.io domain and the GitHub account. The company modified the Polyfill script so malicious code would be inserted into websites that embedded scripts from cdn.polyfill.io.

    This is a perfect example of why you should keep your plugins and website up to date.

    Update Site Reviews!

    just0nequestion

    (@just0nequestion)

    1 year, 4 months ago

    I’m glad that the malicious intent from the chinese company came to life years after the vast majority of site reviews users has updated their plugins. however…

    this really is a good example why the best practice is to not include any scripts from third party domains at all.

    there always might be someone taking over a domain or ip in one way or the other.

    Plugin Author Gemini Labs

    (@geminilabs)

    1 year, 4 months ago

    The best practice, is to keep your WordPress version and installed plugins up to date!

    • This reply was modified 1 year, 4 months ago by Gemini Labs.
    just0nequestion

    (@just0nequestion)

    1 year, 4 months ago

    best practice is to not include any scripts from third party domains at all and
    best practice, is to keep your WordPress version and installed plugins up to date!

    both is very true!

Viewing 5 replies - 1 through 5 (of 5 total)

The topic ‘Malware.’ is closed to new replies.