I got the pro version of this plugin. Huge mistake. The site I installed it on was repeatedly attacked. The source of the security compromise is this plugin. The developer has been aware of this for a very long time. This is not a safe plugin and the developer is super untrustworthy. Absolutely avoid this plugin at all costs.
Like other people, there is a security flaw and my site was used to sent spam. They uploaded files everywhere which are used to spoof the website. Dont risk it with this plugin!
My website used this contact form until today. It has some hidden fields on the form where you can easily edit the sender and receiver. That way a lot of bots were sending spam from my website.
Do not use this plugin until they fix it!
I have run this plugin for a while now and had my site compromised last week because of it.
The plugin settings allows you to choose which file types are allowed to be uploaded. Even though this was set to allow only .pdf and .zip files to be uploaded, an attacker was able to exploit the file upload system, uploading a php script which then gave them full access to the site. These files were found within the folder where files are uploaded to.
After discovering this I attempted to do the same and was able to upload a .php script to my site and execute it without any resistance. This is a major flaw within the plugin and anyone running it should deactivate it immediately until it has been fixed. A simple google search for lays out the exploit and shows its been around for quite a while. A number of new updates for the plugin have been made since its discovery, but no fix.
Kindly share updated DEMO link.
Fab solution, great work....
i was amazed by seeing file upload and mainly photo editor which can be very use full for every user and is also very simple to use with rich ui
thanks for such great plugin..
Fantastic plugin :)
You must log in to submit a review. You can also log in or register using the form near the top of this page.