New Insecure WordPress Plugin Marketed With Fake Norton Secured and (Retired) McAfee SECURE Security Seals
Yesterday, we reported on a new plugin from a WordPress plugin developer Brainstorm Force with a long track record of poor security, unsurprisingly was also insecure. One thing that we noticed while looking into that is on the homepage for that new plugin, SureDash, was that midway down the page, there are a couple security seals, Norton Secured and McAfee SECURE, around the logo for PayPal:
It isn’t explained what the relevancy of those is supposed to be, but it clearly doesn’t indicate the plugin is secure. Furthermore, the seals are simply an image. If they were legitimate, they would link to a page confirming the seals. The McAfee SECURE seal was also retired in 2021.
We should note that Brainstorm Force has a partner for this plugin, Adam Preiser, who is behind the WPCrafter YouTube channel. He is listed as the co-founder of the plugin.
It doesn’t say great things about where the WordPress community is these days when people looking to profit off of the community are so obviously dishonest.
This behavior has unfortunately been going on for years (and I’ve made Brainstorm Force aware of how unacceptable it is). You find the same or a similar image on most Brainstorm Force/Adam Preiser plugin sites.
Spectra: https://wpspectra.com/pricing/ (the most popular Gutenberg plugin)
Astra: https://wpastra.com/pricing/ (the most popular third-party WordPress theme)
Surecart: https://surecart.com/pricing/
Presto Player: https://prestoplayer.com/pricing/
Zip WP: https://app.zipwp.com/pricing
Cartflows: https://cartflows.com/pricing/