• Pexle Chris

    (@pexlechris)


    I have installed your plugin version 1.4.1 on my website, and because of the lack of nonce validation in the hook wp_ajax_nopriv_shared_counts_email, my server was down for a whole day!!

    The logs? A DDoS attack on wp-admin/admin-ajax.php, POSTing this data:

    Array
    (
        [action] => shared_counts_email
        [postid] => 
        [recipient] => 272935984@qq.com
        [name] => 开沪立送58礼金- www.13033.top -ぃAG视讯豪华厅,直播美女陪您决战到天亮,大额无忧;
        [email] => info@bmw.com
        [validation] => 
        [nonce] => 
    )

    Using nonces in AJAX requests is a fundamental principle of WordPress development.

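A handler for an unauthenticated share-by-email AJAX action with the nonce check the review asks for, plus per-IP throttling and field validation. This is an added example, not the plugin's code or its fix; the action name, nonce action, limits and message text are assumptions, and the field names follow the logged POST above.

```php
<?php
// Added example (hypothetical names): 'example_share_email' is an assumed
// action and nonce name, not the plugin's own hook.
add_action( 'wp_ajax_example_share_email', 'example_share_email_handler' );
add_action( 'wp_ajax_nopriv_example_share_email', 'example_share_email_handler' );

function example_share_email_handler() {
	// 1. Reject a missing or invalid nonce (the logged request sent an empty one).
	//    The page must print wp_create_nonce( 'example_share_email' ) for the script.
	if ( ! check_ajax_referer( 'example_share_email', 'nonce', false ) ) {
		wp_send_json_error( 'Invalid nonce.', 403 );
	}

	// 2. Logged-out visitors share the same nonce, so also throttle per client IP.
	//    Assumed limit: 5 requests per 10 minutes.
	$ip   = isset( $_SERVER['REMOTE_ADDR'] ) ? sanitize_text_field( wp_unslash( $_SERVER['REMOTE_ADDR'] ) ) : '';
	$key  = 'example_share_' . md5( $ip );
	$hits = (int) get_transient( $key );
	if ( $hits >= 5 ) {
		wp_send_json_error( 'Too many requests.', 429 );
	}
	set_transient( $key, $hits + 1, 10 * MINUTE_IN_SECONDS );

	// 3. Validate every field before anything is mailed.
	$post_id   = isset( $_POST['postid'] ) ? absint( $_POST['postid'] ) : 0;
	$recipient = isset( $_POST['recipient'] ) ? sanitize_email( wp_unslash( $_POST['recipient'] ) ) : '';
	$email     = isset( $_POST['email'] ) ? sanitize_email( wp_unslash( $_POST['email'] ) ) : '';
	$name      = isset( $_POST['name'] ) ? sanitize_text_field( wp_unslash( $_POST['name'] ) ) : '';

	if ( ! $post_id || 'publish' !== get_post_status( $post_id )
		|| ! is_email( $recipient ) || ! is_email( $email )
		|| '' === $name || mb_strlen( $name ) > 60 ) {
		wp_send_json_error( 'Invalid request.', 400 );
	}

	// 4. Build the message from server-side data; the sender only supplies a
	//    short, sanitized name and a validated reply address.
	$subject = sprintf( '%s shared "%s" with you', $name, get_the_title( $post_id ) );
	$body    = get_permalink( $post_id );
	$headers = array( 'Reply-To: ' . $email );

	if ( wp_mail( $recipient, $subject, $body, $headers ) ) {
		wp_send_json_success();
	}
	wp_send_json_error( 'Mail could not be sent.', 500 );
}
```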