pipdig, one of the biggest WordPress theme providers to bloggers, is distributing code dressed up as the “pipdig Power Pack” plugin which amongst other things:
A great post by Jem. I highly recommend giving it a read if you're a pipdig customer or just someone who's interested about how easy it is for a theme provider to inject b***shit into your WordPress site. In short, here's what pipdig does with your site.
- Uses your site to issue DDoS attacks on competitors.
- Change links in your WordPress database to point to pipdig.com.
- Violates GDPR laws.
- Disables other plugins without asking you first.
The story doesn't end there though. Regarding that last point, Nicky Bloor discovered that pipdig disables Bluehost's and SiteGround's caching plugins, and then prompts users with a message that reads, “Is your host slowing you down?". Disgusting behavior from pipdig. I hope they lose customers over this.