Title: Security problem Last modified: August 22, 2016 --- # Security problem * [Kobor](https://wordpress.org/support/users/kobor/) * (@kobor) * [11 years, 3 months ago](https://wordpress.org/support/topic/security-problem-19/) * What the hell is with this file : sharexymail.php ? Are you turning every sharexy install into a mass mailer? * [https://wordpress.org/plugins/sharexy/](https://wordpress.org/plugins/sharexy/) Viewing 7 replies - 1 through 7 (of 7 total) * Plugin Author [Zettalab](https://wordpress.org/support/users/zettalab/) * (@zettalab) * [11 years, 2 months ago](https://wordpress.org/support/topic/security-problem-19/#post-5762147) * fixed. * Moderator [Jan Dembowski](https://wordpress.org/support/users/jdembowski/) * (@jdembowski) * Forum Moderator and Brute Squad * [11 years, 2 months ago](https://wordpress.org/support/topic/security-problem-19/#post-5762148) * How is this fixed? * [https://plugins.trac.wordpress.org/browser/sharexy/trunk/sharexymail.php](https://plugins.trac.wordpress.org/browser/sharexy/trunk/sharexymail.php) * [Tim Nash](https://wordpress.org/support/users/tnash/) * (@tnash) * Spam hunter * [11 years, 2 months ago](https://wordpress.org/support/topic/security-problem-19/#post-5762149) * Note reset this to not resolved, as the issue remains, and simply saying “fixed” doesn’t sadly fix issues. * For anyone watching this thread, anyone who knows the location of that file on your server, will be able to send an email message to well anyone. * If that’s not bad enough creating effectively an open relay, it’s really badly coded to suppress errors that might occur. * Plugin Author [Zettalab](https://wordpress.org/support/users/zettalab/) * (@zettalab) * [11 years, 2 months ago](https://wordpress.org/support/topic/security-problem-19/#post-5762150) * I apologize for that. Now it’s fixed. * [Tim Nash](https://wordpress.org/support/users/tnash/) * (@tnash) * Spam hunter * [11 years, 2 months ago](https://wordpress.org/support/topic/security-problem-19/#post-5762151) * To put folks mind at ease, I’m a bit confused why the file was there, I can see in the latest release it was removed, but it would appear no other files were changed. So either it wasn’t being called or somewhere your code is breaking? * Also you might want to make it clear in your change logs, that this was a security release . * Plugin Author [Zettalab](https://wordpress.org/support/users/zettalab/) * (@zettalab) * [11 years, 2 months ago](https://wordpress.org/support/topic/security-problem-19/#post-5762152) * Hi, Tim. Thank you for the plugin code audit. * This file is left over from an earlier version of the plugin. In recent versions, we have changed function that used this file to a more secure. Unfortunately, during the latest versions code revision of the Sharexy plugin this file was missing. Thank you and thanks for Kobor that pointed us to this. * [Tim Nash](https://wordpress.org/support/users/tnash/) * (@tnash) * Spam hunter * [11 years, 2 months ago](https://wordpress.org/support/topic/security-problem-19/#post-5762154) * So I didn’t do a plugin audit, I simply grep’d for a couple of functions and compared checksums for a few files. Hopefully though this has stirred you to do your own code audit or get someone in to do one. * Also it’s worth remembering both this thread and the code repository are publicly accessible including code revisions. If you feel perhaps you want to expand any more or perhaps put in a couple of corrections now would be a good time. Viewing 7 replies - 1 through 7 (of 7 total) The topic ‘Security problem’ is closed to new replies. * ![](https://s.w.org/plugins/geopattern-icon/sharexy_8d9095.svg) * [Sharexy - Powerful Social Sharing Buttons](https://wordpress.org/plugins/sharexy/) * [Frequently Asked Questions](https://wordpress.org/plugins/sharexy/#faq) * [Support Threads](https://wordpress.org/support/plugin/sharexy/) * [Active Topics](https://wordpress.org/support/plugin/sharexy/active/) * [Unresolved Topics](https://wordpress.org/support/plugin/sharexy/unresolved/) * [Reviews](https://wordpress.org/support/plugin/sharexy/reviews/) * 7 replies * 4 participants * Last reply from: [Tim Nash](https://wordpress.org/support/users/tnash/) * Last activity: [11 years, 2 months ago](https://wordpress.org/support/topic/security-problem-19/#post-5762154) * Status: not resolved