PSA: Massive Exploit - PlaceholderAPI (checkitem expansion)
Hey guys, kinda made a post to warn about a possible exploit that could be on your server as well.
It's related to a specific PlaceholderAPI expansion called CheckItem.
Random new players joined our server, tried a bunch of random commands all sharing the same placeholder.
Eventually they made it work doing
This command gave them a full inventory of bedrock, and can be used to spawn in any item in the game.
Emergency fix:
We fixed it by going into PlaceholderAPI -> config.yml and making "checkitem: give_enabled: false"
So if you have the expansion called checkitem, DISABLE IT RIGHT NOW!
I don't know more specific details than that, but wanted to post an emergency post regarding it.
We are on purpur version git-Purpur-1996, running Minecraft 1.20.1.
The ping command is by the CMI plugin, so not sure if it has to be CMI or not.
It's related to a specific PlaceholderAPI expansion called CheckItem.
Random new players joined our server, tried a bunch of random commands all sharing the same placeholder.
Eventually they made it work doing
/ping %checkitem_give_mat:bedrock,amt:2304%This command gave them a full inventory of bedrock, and can be used to spawn in any item in the game.
Emergency fix:
We fixed it by going into PlaceholderAPI -> config.yml and making "checkitem: give_enabled: false"
So if you have the expansion called checkitem, DISABLE IT RIGHT NOW!
I don't know more specific details than that, but wanted to post an emergency post regarding it.
We are on purpur version git-Purpur-1996, running Minecraft 1.20.1.
The ping command is by the CMI plugin, so not sure if it has to be CMI or not.
