Support » Plugin: Form Maker by 10Web - Mobile-Friendly Drag & Drop Contact Form Builder » Spammers are able to bypass ‘required’ fields

  • Resolved rinart73

    (@rinart73)


    This week I got a lot of spam, despite the fact that I have reCAPTCHA. But I want to talk about another problem.
    I have a required checkbox with a “Terms of Service” label. Spammers were able to bypass it somehow, so it’s not checked in the spammed submissions.
    Can you please check if the plugin correctly validates forms on the server side?

  • Plugin Support Zhanna Khachatryan

    (@zhannak)

    Hello @rinart73,

    Can you please write which version of Form Maker you use?

    rinart73

    (@rinart73)

    The last one – 1.13.15.

    Plugin Support Zhanna Khachatryan

    (@zhannak)

    Hi @rinart73,

    I am sorry for getting back to you late.

    Users can’t enter without filling in required fields, right? This means validation is working.

    Can you please make sure that you have the latest version of form-maker and enable the anti-spam protection option.

    If after that you’ll continue getting spam submissions, please let us know.

    rinart73

    (@rinart73)

    As I realised later, spammers were able to submit the form directly via a POST request. This way, required checkbox fields would have empty values. I’m not even sure if they were checked in this case.
    I have the latest version of the plugin.
    Enabling the new anti-spam protection option breaks forms because even normal visitors are not able to submit them.
    As for CAPTCHA and the new WordPress ‘nonce’ field – here is a thread where I described why these don’t protect from spam (in short, the plugin has incorrect checks that allow bypassing these completely).

    Plugin Support Zhanna Khachatryan

    (@zhannak)

    Dear @rinart73,

    The idea you have given us was a huge help. Our developers have fixed the issue you have mentioned; that version is now passing full tests and will be released soon.

    Hope after that version the spam issue will be fixed thoroughly.

    Thanks again!

    Plugin Support Zhanna Khachatryan

    (@zhannak)

    Dear users,

    The bug is fixed, please update the plugin and check.
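
The thread turns on required fields being enforced only in the browser, so a request sent straight to the server skips them. As an added example (not Form Maker's code, and not from any participant in this thread), here is one way to enforce required fields on the server, including the checkbox case, where an unticked box is simply absent from the request. The field definitions, the `tos` field name and `validate_submission()` are hypothetical.

```php
<?php
// Added example: hypothetical field definitions, not Form Maker's schema.
// The server keeps its own copy of the form; which fields are required
// is never taken from the request.
$form_fields = [
    'email'   => ['type' => 'email',    'required' => true],
    'message' => ['type' => 'text',     'required' => true],
    'tos'     => ['type' => 'checkbox', 'required' => true, 'value' => 'accepted'],
];

/**
 * Validate a submission against the stored definition.
 * Returns the names of fields that failed; an empty array means accept.
 */
function validate_submission(array $fields, array $post): array
{
    $errors = [];
    foreach ($fields as $name => $def) {
        // Iterate over the definition, not over $post: an unchecked
        // checkbox sends no key at all, so looping over $post misses it.
        $raw = $post[$name] ?? null;
        if (!is_string($raw)) {
            // Missing, or sent as an array (name[]=...) to confuse checks.
            if ($def['required']) {
                $errors[] = $name;
            }
            continue;
        }
        $value = trim($raw);
        if ($def['type'] === 'checkbox') {
            // Only the exact expected value counts as "checked".
            if ($def['required'] && $value !== $def['value']) {
                $errors[] = $name;
            }
        } elseif ($value === '') {
            if ($def['required']) {
                $errors[] = $name;
            }
        } elseif ($def['type'] === 'email'
            && filter_var($value, FILTER_VALIDATE_EMAIL) === false) {
            $errors[] = $name;
        }
    }
    return $errors;
}

// Constructed sample bodies: one without the checkbox key, one with it.
$without_tos = ['email' => 'user@example.com', 'message' => 'hello'];
$with_tos    = $without_tos + ['tos' => 'accepted'];
var_dump(validate_submission($form_fields, $without_tos));
var_dump(validate_submission($form_fields, $with_tos));
```

A submission should be stored or mailed only when the returned array is empty; the browser-side `required` attribute then serves as a convenience for visitors rather than as the control.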
