Form sending spam | ww.wp.xz.cn

eggdesign1994
(@eggdesign1994)

3 months, 1 week ago

Hi, our web host suspended our hosting account:

We have observed over 1100+ rejected/defered Emails sent utilising the following endpoint on your website: /wp-json/wp/v2/rba_process_form

These Emails were sent by worpdress@ourdomain.

I was able to find that the endpoint itself was only being hit by one network connection, making it more likely that this was a compromised contact form plugin that used the endpoint /wp-json/wp/v2/rba_process_form, rather than an abuse of a contact form itself. Within the access logs, we can’t see any GET requests made to the path of the form, only POST requests to the endpoint.

Can you help us determine what the cause of this vulnerability was, please? Thanks.

Viewing 1 replies (of 1 total)

Plugin Author Takayuki Miyoshi
(@takayukister)

3 months, 1 week ago

/wp-json/wp/v2/rba_process_form

Do you have any idea which plugin (or theme) you use uses this endpoint?

Viewing 1 replies (of 1 total)

You must be logged in to reply to this topic.

1 reply
2 participants
Last reply from: Takayuki Miyoshi
Last activity: 3 months, 1 week ago
Status: not resolved