Title: exploit in plugin Last modified: August 22, 2016 --- # exploit in plugin * Resolved [rldev](https://wordpress.org/support/users/rldev/) * (@rldev) * [11 years ago](https://wordpress.org/support/topic/exploit-in-plugin-1/) * There may be a potential exploit in this plugin. A website I had this installed on was sending spam via the sendmail command via the acount user. My firewall reported the following scripts as the culprits. I uninstalled the plugin and deleted it and the problem went away. * wp-content/plugins/all-in-one-wp-security-and-firewall/other-includes/wp-security- rename-login-feature.php * wp-content/plugins/all-in-one-wp-security-and-firewall/other-includes/wp-security- unlock-request.php * [https://wordpress.org/plugins/all-in-one-wp-security-and-firewall/](https://wordpress.org/plugins/all-in-one-wp-security-and-firewall/) Viewing 7 replies - 1 through 7 (of 7 total) * Plugin Contributor [wpsolutions](https://wordpress.org/support/users/wpsolutions/) * (@wpsolutions) * [11 years ago](https://wordpress.org/support/topic/exploit-in-plugin-1/#post-5907842) * > My firewall reported the following scripts as the culprits. * Please provide the exact info your “firewall” gave you. * Plugin Contributor [mbrsolution](https://wordpress.org/support/users/mbrsolution/) * (@mbrsolution) * [11 years ago](https://wordpress.org/support/topic/exploit-in-plugin-1/#post-5907844) * Hi rldev can you provide more proof that the exploit came from this plugin? You are the first person to report such exploit. * Which firewall plugin or software are you using that reported the issue? * Thread Starter [rldev](https://wordpress.org/support/users/rldev/) * (@rldev) * [11 years ago](https://wordpress.org/support/topic/exploit-in-plugin-1/#post-5907863) * I really can’t provide more proof. CSF firewall tracks scripts and outgoing mail. It is not definitive, but it suggested the scripts I mentioned could be responsible. Uninstalling All In Once WP security did solve the problem though. Once uninstalled and the exim queue cleared and exim restarted, the problem is gone. * Plugin Contributor [wpsolutions](https://wordpress.org/support/users/wpsolutions/) * (@wpsolutions) * [11 years ago](https://wordpress.org/support/topic/exploit-in-plugin-1/#post-5907955) * Unless you can tell us how the so-called issue is occurring it’s difficult for us to really fix anything. * Thread Starter [rldev](https://wordpress.org/support/users/rldev/) * (@rldev) * [11 years ago](https://wordpress.org/support/topic/exploit-in-plugin-1/#post-5907984) * I’m just trying to make you aware of a potential problem. Do with it as you wish. I stopped using the plugin on this particular site as I can’t sit around while a site is sending spam. I do have it installed on several other sites. If the issue pops up again, I will see if I can get you more information. * [mra13](https://wordpress.org/support/users/mra13/) * (@mra13) * [11 years ago](https://wordpress.org/support/topic/exploit-in-plugin-1/#post-5908000) * Thank you. If you get more info on it please share with us. * Plugin Contributor [mbrsolution](https://wordpress.org/support/users/mbrsolution/) * (@mbrsolution) * [10 years, 1 month ago](https://wordpress.org/support/topic/exploit-in-plugin-1/#post-5908175) * No reply in 11 months. I am marking this thread as resolved. * Thank you Viewing 7 replies - 1 through 7 (of 7 total) The topic ‘exploit in plugin’ is closed to new replies. * ![](https://ps.w.org/all-in-one-wp-security-and-firewall/assets/icon-256x256. png?rev=2798307) * [All-In-One Security (AIOS) – Security and Firewall](https://wordpress.org/plugins/all-in-one-wp-security-and-firewall/) * [Frequently Asked Questions](https://wordpress.org/plugins/all-in-one-wp-security-and-firewall/#faq) * [Support Threads](https://wordpress.org/support/plugin/all-in-one-wp-security-and-firewall/) * [Active Topics](https://wordpress.org/support/plugin/all-in-one-wp-security-and-firewall/active/) * [Unresolved Topics](https://wordpress.org/support/plugin/all-in-one-wp-security-and-firewall/unresolved/) * [Reviews](https://wordpress.org/support/plugin/all-in-one-wp-security-and-firewall/reviews/) * 7 replies * 4 participants * Last reply from: [mbrsolution](https://wordpress.org/support/users/mbrsolution/) * Last activity: [10 years, 1 month ago](https://wordpress.org/support/topic/exploit-in-plugin-1/#post-5908175) * Status: resolved