Email Injection Issue – Is there a fix yet?
Folks – I received the following email from my webhoster regarding security issues:-
If your site uses the PHP mail() function to send mail from a PHP page please read this message carefully.
Over the last few weeks we have seen many unsecure contact form / feedback form / Refer and Tell a friend type forms been used to send out spam because of e-mail injection vulnerability. Many of these forms do not have any
validation on user input data.
Clients who use any of the above forms need to remove them NOW from their websites until they have been secured as they allow spammers to send out spam through our network.
Please take this e-mail seriously.
We have had to disable 20+ websites in the last 2 weeks because of this issue.
Am I right in assuming this applies to wordpress, or at least to the “contact us” plugins out there? If so – is there a secure workaround or plugin available to address this issue or do I have to get rid of my plugin in order to stay hosted with my site?
Looking for some advice please as I’m not a PHP guru. Thanks.
“Howl @ The Moon!”
- The topic ‘Email Injection Issue – Is there a fix yet?’ is closed to new replies.