jewlofthelotus / SlickQuiz-WordPress

SlickQuiz is a plugin for displaying and managing pretty, dynamic quizzes. It uses the SlickQuiz jQuery plugin.
http://wordpress.org/extend/plugins/slickquiz

SlickQuiz inserting stray code in htaccess, takes site down #61

Open RussHudson opened 10 years ago

RussHudson commented 10 years ago

After testing for 4 months, I have determined via server error logs that SlickQuiz occasionally inserts code in the htaccess file for a site I use the quiz on. In most cases the stray code is "s" or "ss," but other times it has caused a duplication of the htaccess file X30 or more, with the lead-in code being cut off halfway in the opening of the file.

On one occasion the code inserted was extensive and was completely unfamiliar to both myself and a professional developer that I hired to investigate the issue, John El Hanafi.

The SlickQuiz plugin was suspect from the beginning, but took some time to confirm. I refused to deactivate it for months because the quiz that it runs is very popular on the site, and I keep close watch over my sites so when the htaccess file would be corrupted and the site would go down, in most cases I could quickly bring it back up again.

However, the repeated unavailability of the site eventually caused indexation problems in Google and Bing, and so I finally deactivated the plugin on April 16th. I was working last night on a manual fix that would allow me to delete the plugin, but would result in a far less desirable quiz experience. I was implementing these changes when I saw there was an update to the plugin as of today. The changelog indicates this fixes a SQL injection vulnerability, and I wonder if my problem is related and will be fixed by this update?

If not, then at the very least it should be made known that this could be a problem for some sites.

I am running WordPress with a modified version of the Leetpress theme. Site in question is:

http://marijuanagames.org/

Page in question is (plugin disabled at this time):

http://marijuanagames.org/so-you-think-you-know-marijuana/

With the plugin deactivated there have been no further problems.

Thank you!

Russ Hudson

jewlofthelotus commented 10 years ago

I responded on the WP forum, but thanks for all the extra info here. http://wordpress.org/support/topic/slickquiz-inserting-code-in-htaccess-file