DDoS because of your plugin

  • I have installed your plugin version 1.4.1 in my website and because of nonce validation lack in hook wp_ajax_nopriv_shared_counts_email, my server was down for a whole day!!

    The logs? DDoS Attack in wp-admin/admin-ajax.php with POST these data:

    Array
(
    [action] => shared_counts_email
    [postid] => 
    [recipient] => [email protected]
    [name] => 开沪立送58礼金- www.13033.top -ぃAG视讯豪华厅,直播美女陪您决战到天亮,大额无忧;
    [email] => [email protected]
    [validation] => 
    [nonce] => 
)

    Using nonces in ajax requests is fundamental principle of WordPress development

  • You must be logged in to reply to this review.