DDoS because of your plugin
-
I have installed your plugin version 1.4.1 in my website and because of nonce validation lack in hook
wp_ajax_nopriv_shared_counts_email
, my server was down for a whole day!!The logs? DDoS Attack in wp-admin/admin-ajax.php with POST these data:
Array ( [action] => shared_counts_email [postid] => [recipient] => 272935984@qq.com [name] => 开沪立送58礼金- www.13033.top -ぃAG视讯豪华厅,直播美女陪您决战到天亮,大额无忧; [email] => info@bmw.com [validation] => [nonce] => )
Using nonces in ajax requests is fundamental principle of WordPress development…
- You must be logged in to reply to this review.