12/03/2013 12:19 PMPosted by TasidaAs others have pointed out, the root issue isn't the addons themselves, but rather people writing small scripts that utilize the addons, and functionality that's allowed by the Blizzard client, but not directly accessible to a user who doesn't know how to work with LUA code.
No. The root issue is that the Blizzard scripting API allows a script to send and trade money (and items) without a hardware event. I guarantee you that Blizzard will change this now. This could happen with auctions, trading, and mail.
From reading this thread, the other major issue is that the WeakAuras addon allows execution of arbitrary LUA scripts. It shouldn't do that...at least not by default. Any security expert will tell you that this is a major hole.
The addon author has patched Weakauras2 to v2.0.1 with some code that should help keep this from happening:
The issue itself is currently under investigation but as mentioned, it seems the author of the AddOn has made some changes. If you use this AddOn please make sure you update as soon as possible.
As always please understand that while AddOns are permitted, they are not directly supported by us and you should always be wary before downloading anything or, in this case, importing a script.
If you believe you were scammed by someone using this method please report it via an in-game ticket.
Include the name/realm of the character and what happened. While no restoration is guaranteed, we will investigate the matter and take what actions are appropriate for any violations found.
It is generally best not to discuss possible exploits on the forums as it usually just leads to more people "testing" them. If you encounter a possible exploit please report it to our hacks team by emailing email@example.com or using their webform.
How's my driving? Click me.