• Only hours after installing Custom Contact Forms, I received a spam message. A reverse IP lookup shows that the spam originated in Romania.

    After installing the sample data, I deleted a few unwanted fields like website and calendar, then published a page with the default [customcontact form=1].

    The strange spam I received concerns the field ccf_contact_method, which is a drop-down list of 3 choices (by email, by phone, do not contact). However, in the form submission, the data was none of these 3 choices; it was a phone number.

    My 2 concerns are:
    1. How was a spammer able to get through so quickly after I installed the plugin? Is there a hidden callback in the code? Is someone taking advantage of an exploit that hasn’t been fixed?
    2. How did invalid form data get submitted for the ccf_contact_method field?

    http://ww.wp.xz.cn/extend/plugins/custom-contact-forms/

The topic ‘[Plugin: Custom Contact Forms] Spam gets thru, invalid ccf_contact_method data allowed’ is closed to new replies.
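
On the second question in the post: a drop-down restricts only what a browser offers, and a client that posts the form directly can put any string in the field, so the server has to check the value against the option list. The following is an added example, not the plugin's own code; the form definition, the `message` field, the function name and the option values are assumptions (the post gives only the field name `ccf_contact_method` and its three choices).

```php
<?php
// Added example, not Custom Contact Forms code. The form definition is
// hypothetical; option values are assumed from the labels in the post.
$form = [
    'ccf_contact_method' => [
        'type'    => 'select',
        'options' => ['by email', 'by phone', 'do not contact'],
    ],
    'message' => ['type' => 'text', 'max' => 2000],
];

/** Return a list of validation errors; an empty list means accept. */
function validate_submission(array $form, array $post): array
{
    $errors = [];
    foreach ($form as $name => $spec) {
        $value = $post[$name] ?? null;
        // Reject missing fields and arrays sent as name[]=...
        if (!is_string($value)) {
            $errors[] = "$name: missing or not a string";
            continue;
        }
        if ($spec['type'] === 'select'
            && !in_array($value, $spec['options'], true)) {
            // The list that rendered the <select> doubles as the allowlist.
            $errors[] = "$name: value is not one of the offered options";
        } elseif ($spec['type'] === 'text' && strlen($value) > $spec['max']) {
            $errors[] = "$name: longer than {$spec['max']} bytes";
        }
    }
    // Fields the form never defined are also rejected.
    foreach (array_diff(array_keys($post), array_keys($form)) as $extra) {
        $errors[] = "$extra: unexpected field";
    }
    return $errors;
}

// Constructed sample submissions (not taken from the thread).
$samples = [
    'from the form' => ['ccf_contact_method' => 'by phone', 'message' => 'Hi'],
    'out of range'  => ['ccf_contact_method' => '555-0100', 'message' => 'Hi'],
];
foreach ($samples as $label => $post) {
    $errors = validate_submission($form, $post);
    echo $label, ': ',
        $errors ? 'REJECT (' . implode('; ', $errors) . ')' : 'accept', "\n";
}
```

Logging rejected submissions with the source address gives a record of automated posts without letting them reach the inbox.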