Found A Potential Bug
I love the plugin – thanks. I think I found a potential security flaw/annoyance. Contact Form 7 does a great job at not allowing PHP code to be sent. It throws a “Failed to send your message. Please try later or contact the administrator by another method.” And outputting the form wp_cf7dbplugin_submits isn’t pushing that PHP out. But, it is a big but, when CF7 throws the failed message – the database is being updated with whatever information it has in it. See the problem? Someone knows this and starts pounding at the database, causing it to overload. And potentially gain access (maybe – I don’t know??) But it could overload the database, yes? Plus there is a bunch of false data – which would be a pain to sort through and delete. I don’t know how the plugin works – but if you can – make sure the form doesn’t throw errors before calling to update the database. Just a suggestion. Hope it helps. Thanks.