Title: So many problems and unsecure code
Last modified: December 27, 2016

---

# So many problems and unsecure code

 *  [wooody](https://wordpress.org/support/users/wooody/)
 * (@wooody)
 * [9 years, 5 months ago](https://wordpress.org/support/topic/so-many-problems-and-unsecure-code/)
 * Hi
    I think you need to review the plugin code again and stop direct access to
   these files: /wp-content/plugins/mail-subscribe-list/index.php and
   /wp-content/plugins/mail-subscribe-list/sml.php
 * Regards

Viewing 2 replies - 1 through 2 (of 2 total)

 *  [SandyRig](https://wordpress.org/support/users/sandyrig/)
 * (@sandyrig)
 * [9 years, 5 months ago](https://wordpress.org/support/topic/so-many-problems-and-unsecure-code/#post-8646675)
 * Please add a nonce to your form. My list got flooded with spam.
 * I have made the following changes.
 * on line 71
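 *     ```
       // wp_nonce_field() echoes by default; $display = false makes it only return the markup for concatenation
       $return = '<form class="sml_subscribe" method="post" id="sml_subscribe" action="/#sml_subscribe"><input class="sml_hiddenfield" name="sml_subscribe" type="hidden" value="1">' . wp_nonce_field( 'creating_email_subscription', 'email_subscription', true, false );
       ```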
 * on line 273
 *     ```
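       // Handle form Post
       add_action('init', 'sml_post_action');
       function sml_post_action(){
       	global $wpdb;
       	// Process only submissions that carry a valid nonce for this form
       	if (!empty($_POST['sml_subscribe']) && isset($_POST['email_subscription']) && wp_verify_nonce($_POST['email_subscription'], 'creating_email_subscription')) {
   
       		// wp_unslash() removes the slashes WordPress adds to $_POST values
       		$name = isset($_POST['sml_name']) ? sanitize_text_field(wp_unslash($_POST['sml_name'])) : '';
       		$email = isset($_POST['sml_email']) ? sanitize_email(wp_unslash($_POST['sml_email'])) : '';
       		if (is_email($email)) {
   
       			// Parameterized lookup through $wpdb; mysql_query() and $wpdb->escape() are gone or deprecated
       			$exists = $wpdb->get_var($wpdb->prepare("SELECT COUNT(*) FROM ".$wpdb->prefix."sml WHERE sml_email LIKE %s LIMIT 1", $email));
       			if ($exists < 1) {
       				// $wpdb->insert() escapes the values itself
       				$wpdb->insert($wpdb->prefix."sml", array('sml_name' => $name, 'sml_email' => $email));
       			}
       		}
       	}
       }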
       ```
   
 *  Thread Starter [wooody](https://wordpress.org/support/users/wooody/)
 * (@wooody)
 * [9 years, 4 months ago](https://wordpress.org/support/topic/so-many-problems-and-unsecure-code/#post-8687335)
 * Hi SandyRig,
    Thanks for the fix. If you can, please update the plugin code
   and release it as an update.


The topic ‘So many problems and unsecure code’ is closed to new replies.
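
A quick audit for the two issues raised in this thread, as an added example (not code from the plugin or from either poster): it lists PHP files that have no `ABSPATH` guard against direct requests, and files that read `$_POST` without any nonce check. The function names and the sample tree are constructed for illustration, and the matching is a text heuristic that flags files for review rather than proving a flaw.

```shell
#!/usr/bin/env bash
# Added example: heuristic audit of a WordPress plugin directory.
# A hit means "review this file", not "this file is vulnerable"
# (a comment-only index.php, for instance, needs no guard).

# List PHP files that never test the ABSPATH constant, i.e. files that
# execute when requested directly by URL instead of via WordPress.
missing_abspath_guard() {
    find "$1" -type f -name '*.php' \
        -exec grep -L -E "defined *\( *['\"]ABSPATH['\"] *\)" {} + | sort
}

# List PHP files that read $_POST but contain no nonce verification call.
post_without_nonce() {
    find "$1" -type f -name '*.php' -exec grep -l -F '$_POST' {} + |
        while IFS= read -r f; do
            grep -q -E 'wp_verify_nonce|check_admin_referer|check_ajax_referer' "$f" ||
                printf '%s\n' "$f"
        done | sort
}

# Constructed sample tree (not the real plugin source) for an offline run.
make_sample() {
    dir=$(mktemp -d)
    printf '%s\n' '<?php' \
        'if ( ! defined( "ABSPATH" ) ) { exit; }' \
        'if ( isset( $_POST["email_subscription"] ) && wp_verify_nonce( $_POST["email_subscription"], "creating_email_subscription" ) ) {}' \
        > "$dir/guarded.php"
    printf '%s\n' '<?php' '$email = $_POST["sml_email"];' > "$dir/handler.php"
    printf '%s\n' '<?php' 'echo "listing";' > "$dir/index.php"
    printf '%s\n' "$dir"
}

# Usage against a real install:
#   missing_abspath_guard /path/to/wp-content/plugins/mail-subscribe-list
#   post_without_nonce    /path/to/wp-content/plugins/mail-subscribe-list
```
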

 * 2 replies
 * 2 participants
 * Last reply from: [wooody](https://wordpress.org/support/users/wooody/)
 * Last activity: [9 years, 4 months ago](https://wordpress.org/support/topic/so-many-problems-and-unsecure-code/#post-8687335)
 * Status: not resolved