Title: vulnerability Last modified: February 10, 2024 --- # vulnerability * [windros](https://wordpress.org/support/users/windros/) * (@windros) * [2 years, 4 months ago](https://wordpress.org/support/topic/vulnerability-95/) * Use a bug; When one is not confirmed as a subscriber, apparently from here it connects through the XML-RPC protocol and begins to make continuous admin brute force logins with multiple bot-type ips but they are not blocked even if you configure it. Maybe it works like that but it’s too much. I was able to remove it. Also db is never removed. Viewing 3 replies - 1 through 3 (of 3 total) * Plugin Support [Dani F. a11n](https://wordpress.org/support/users/danielinhou/) * (@danielinhou) * [2 years, 3 months ago](https://wordpress.org/support/topic/vulnerability-95/#post-17476067) * Hi there [@windros](https://wordpress.org/support/users/windros/), * > apparently from here it connects through the XML-RPC protocol and begins to > make continuous admin brute force logins with multiple bot-type ips but they > are not blocked even if you configure it.  * I am not 100% sure I have understood the issue that you have mentioned. I’ll be glad to share this with our developers and see if they can research it further. * Could you please contact us via [https://www.mailpoet.com/support/sales-pre-sales-questions/](https://www.mailpoet.com/support/sales-pre-sales-questions/) and include a link to this thread? * Your request will be triaged accordingly when we receive it and we’ll be able to provide you with more information there. * Cheers * Thread Starter [windros](https://wordpress.org/support/users/windros/) * (@windros) * [2 years, 3 months ago](https://wordpress.org/support/topic/vulnerability-95/#post-17476319) * Thanks for responding, what it was stop doing it and what was apparently a bot continued doing it from the common admin login, mail poet disappeared, it seems that it used left tables but it stopped doing it to do it with anything. The only difference is that it did not use the admin login and i didnt see no more mail poet on the brute force. I delete every thing how ever it continues to do it * Right now I don’t have anything because in a month I changed my website 3 times, I would have to check to see if I have a screen shot. But as I remember the bot because it looked like a bot, it used WordPress-xmlrpc-client with i dont know like an output from mail poet, I delete every thing and changed the xmlrpc with a new file to discard changes and I put an ini rule set xmlrpc error 0 from a plugin that I bought, i set it in the ini, so it was quickly fixed by blocking the bot when trying to log in. * I will check if i got some screenshot i will send it. * Plugin Support [Dani F. a11n](https://wordpress.org/support/users/danielinhou/) * (@danielinhou) * [2 years, 2 months ago](https://wordpress.org/support/topic/vulnerability-95/#post-17562888) * Thanks! Viewing 3 replies - 1 through 3 (of 3 total) The topic ‘vulnerability’ is closed to new replies. * ![](https://ps.w.org/mailpoet/assets/icon-256x256.png?rev=3284564) * [MailPoet - Newsletters, Email Marketing, and Automation](https://wordpress.org/plugins/mailpoet/) * [Frequently Asked Questions](https://wordpress.org/plugins/mailpoet/#faq) * [Support Threads](https://wordpress.org/support/plugin/mailpoet/) * [Active Topics](https://wordpress.org/support/plugin/mailpoet/active/) * [Unresolved Topics](https://wordpress.org/support/plugin/mailpoet/unresolved/) * [Reviews](https://wordpress.org/support/plugin/mailpoet/reviews/) * 3 replies * 2 participants * Last reply from: [Dani F. a11n](https://wordpress.org/support/users/danielinhou/) * Last activity: [2 years, 2 months ago](https://wordpress.org/support/topic/vulnerability-95/#post-17562888)