Beware: Sensitive Data Exposed Despite Claims

  • marbs

    (@marbs)


    3 months ago

    Updated to version 4.0.9 to fix the problem of PDFs with sensitive data being publicly accessible. Despite this, I found that sensitive PDFs are still exposed on my domain and found on Google and Bing.

    The plugin fails to secure sensitive data as promised. If you need to protect confidential information, this plugin is unreliable.

    Search for: “PDF files found in Search Engines!” in the support forum to learn more.

Viewing 7 replies - 1 through 7 (of 7 total)
  • Plugin Author ZealousWeb

    (@zealopensource)

    Hello @marbs,

    Thank you so much for your review. It seems there was an issue with your configuration. Please check the attached screenshot link and video link.

    SS Link : https://shorturl.at/7qH9X
    Video Link : https://tinyurl.com/22bjxboy

    Kindly update your settings according to the screenshot, and verify that your system is not saving PDFs in the upload folder.

    If you have any questions, feel free to reach out; I’m here to help.

    Please check it and consider leaving a positive review.

    Thank you,
    ZealousWeb

    Plugin Author ZealousWeb

    (@zealopensource)

    Hello @marbs,

    It’s now working. Please check the attachment.

    If you have any questions, feel free to ask; I’m here to help.

    Thank you,
    ZealousWeb

    Thread Starter marbs

    (@marbs)

    Hi, there is no issue with the configuration but with the plugin as yourself noted in the changelog 4.1.2 “The issue with removing PDF attachments has been fixed.”. However, it is still leaving the PDF files on the server. I have created a htaccess file to block everything accessing that directory because a robots.txt is just not enough.

    Plugin Author ZealousWeb

    (@zealopensource)

    Dear @marbs,

    You’re correct. Yesterday, I updated to version 4.1.2, and you selected “Do you want to remove the PDF attachment after the mail is sent?” When “Yes” is selected, the PDF file is not added to the upload folder, but it is still added to the “plugins/generate-pdf-using-contact-form-7/attachments” directory. This is because the users can download the PDF after form submission. Please check the attached screenshot link for reference.
    screenshot link : https://prnt.sc/aUDxQ_IjEI4L

    If you have any questions, feel free to ask; I’m also here to help.

    Thank you,
    ZealousWeb

    Thread Starter marbs

    (@marbs)

    ZealousWeb, uploads or the plugin directory, PDF files should stay private and secured.

    domain.com/wp-content/plugins/generate-pdf-using-contact-form-7/attachments/*.pdf may not end up in search engines.

    You should either inform all users about this or upon installation a .htaccess file is added to block bots or anyone from accessing. A client’s ID and bank account number ended up in search engines.

    Thank you.

    thenameda123

    (@thenameda123)

    Hello @marbs

    Thank you so much. Now it is not store pdf file in upload folder.and it is good Plugin. I used to this Plugin.

    Plugin Author ZealousWeb

    (@zealopensource)

    Hello @marbs,

    We have removed the PDF from the attachment folder and are currently developing this feature.

    If possible, please consider giving us a 5-star rating.

    If you have any questions, feel free to reach out—I’m here to help.

    Thank you,
    ZealousWeb

Viewing 7 replies - 1 through 7 (of 7 total)
  • You must be logged in to reply to this review.