Someone published a post without being user

  • Resolved peq42

    (@peq42)


    2 years, 10 months ago

    Someone has managed to, within 5minutes(I was in a room with them, but didn’t look at what they were doing), find a way to make a post(was still marked as pending though, as configured) on my website without being a user, even tho I set it so only registered people can post.

    Not only that, but after the post was sent a new user was somehow created? With no need for e-mail verification or even setting a password?

    This plugin needs some security overhaul.

    The page I need help with: [log in to see the link]

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Author Jeff Starr

    (@specialk)

    2 years, 10 months ago

    Glad to help. The plugin is very secure, vigorously tested over many years on thousands of sites. That said, if there is any security issue, I want to resolve asap.

    Per WordPress best practices, always report security issues privately to the developer, so they can fix it without putting any other sites at risk. Please reach us via our contact form, and we will investigate asap, thank you. Let me know if any questions about this, or if any feedback, etc. Glad to help anytime.

    Plugin Author Jeff Starr

    (@specialk)

    2 years, 10 months ago

    Replied to your email, thank you.

Viewing 2 replies - 1 through 2 (of 2 total)

The topic ‘Someone published a post without being user’ is closed to new replies.