A while ago I started seeing some very odd links appearing, ones that looked far too natural, it appeared as though the majority of them had the Google Analytics for WordPress plugin, developed by Joost de Valk, with the “Track outbound clicks & downloads” selected.
So I started to wonder if some how these sites had been hacked using a vulnerability somewhere in the plugin. I had a look through the code until I got to the function in charge of tagging the outbound links, although I could read the PHP code, I don’t really have much knowledge about XSS and SQL injection and stuff like that, so I asked James to have a look (the guy that likes to break things).
So James started having a look and after a bit of time studying the code he told me he had put a comment on my blog (I was running the Google Analytics for WordPress plugin with the track outbound clicks option selected). So I go to my blog and I see this:
The code James used was this:
Hi this is an <a href="http://www.google.com']);alert(document.cookie);return false;//" rel="nofollow">interesting link</a> don't you think?
We let Joost know, James suggested a fix and Yoast got it sorted almost immediately, you can download the latest version here (version 4.1.3). If you haven’t used the Google Analytics plugin by Joost (Yoast), I’d highly recommend trying it out. I’ve currently got it running on my personal site and it tags all out going clicks, which is great for tracking affiliate clicks and seeing where the visitor came from, amongst other things.