WordPress Anti-Spam Plugin Vulnerability

WordPress vulnerability discovered in popular anti-spam plugin installed on over 60,000 websites

The affected plugin is Stop Spammers Security (Block Spam Users, Comments, Forms).

The purpose of the plugin is to stop spam in comments, forms, and sign-up registrations. 


It is a required practice for any WordPress plugin or form that accepts user input to allow only the specific inputs it expects.

That filtering process, which keeps out unwanted inputs, is called sanitization.

A contact form, for example, should have a function that inspects what is submitted and blocks anything that is not text.

The plugin passes base64-encoded user input to the PHP unserialize function when CAPTCHAs are used, so the client controls the serialized data the server reconstructs.
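The following PHP is an added illustration of the pattern the article describes, not code from the Stop Spammers Security plugin; the function names and the CAPTCHA state fields (`challenge_id`, `issued_at`) are hypothetical. It places the vulnerable pattern (base64-decoded input straight into `unserialize()`) beside two hardened forms: the `allowed_classes => false` option, which stops `unserialize()` from instantiating objects, and the preferred fix of using a data-only format (JSON) with a whitelist of expected fields.

```php
<?php
// Added example for this article, not the plugin's own code.
// Function names and the CAPTCHA state fields are hypothetical.
//
// PHP serialization can describe objects, so when base64-encoded user input
// reaches unserialize(), the client decides which classes get instantiated
// on the server (PHP object injection).

declare(strict_types=1);

// Vulnerable pattern: an untrusted form field goes straight into unserialize().
function captcha_state_vulnerable(string $field)
{
    // Whatever the client serialized is reconstructed here, objects included.
    return unserialize(base64_decode($field));
}

// Minimal hardening when the serialization format cannot be changed:
// allowed_classes => false (PHP 7.0+) turns any object in the payload into
// __PHP_Incomplete_Class instead of instantiating the named class.
function captcha_state_no_objects(string $field): ?array
{
    $raw = base64_decode($field, true);          // strict mode rejects malformed base64
    if ($raw === false) {
        return null;
    }
    $state = @unserialize($raw, ['allowed_classes' => false]);
    return is_array($state) ? $state : null;     // anything but a plain array is refused
}

// Preferred hardening: carry the state as JSON (data only, never objects) and
// validate every field against what the server actually expects.
function captcha_state_hardened(string $field): ?array
{
    $raw = base64_decode($field, true);
    if ($raw === false) {
        return null;
    }
    $state = json_decode($raw, true, 2);         // depth 2: flat array of scalars
    if (!is_array($state)) {
        return null;
    }
    // Whitelist: a 32-hex-character challenge id and an integer issue timestamp.
    if (!isset($state['challenge_id'], $state['issued_at'])
        || !is_string($state['challenge_id'])
        || !preg_match('/^[a-f0-9]{32}$/', $state['challenge_id'])
        || !is_int($state['issued_at'])) {
        return null;
    }
    // Return only the validated fields, never the raw decoded structure.
    return [
        'challenge_id' => $state['challenge_id'],
        'issued_at'    => $state['issued_at'],
    ];
}

// Constructed sample inputs (not captured from any real site).
$sample = ['challenge_id' => str_repeat('a', 32), 'issued_at' => 1700000000];
$legit_php  = base64_encode(serialize($sample));
$legit_json = base64_encode(json_encode($sample));
// A payload that describes an object rather than plain data. stdClass is used
// only to show that unserialize() instantiates whatever class it is told to.
$object_payload = base64_encode('O:8:"stdClass":0:{}');

var_dump(captcha_state_vulnerable($object_payload));   // object(stdClass): class chosen by the client
var_dump(captcha_state_no_objects($object_payload));   // NULL: object not instantiated, not an array
var_dump(captcha_state_no_objects($legit_php));        // the plain array, legacy format still accepted
var_dump(captcha_state_hardened($object_payload));     // NULL: not valid JSON
var_dump(captcha_state_hardened($legit_json));         // only the two whitelisted fields
```

Run it with `php example.php`. The point of the third function is that the server never asks PHP to rebuild arbitrary structures from the client at all: it decodes plain data, checks each field against the shape it expects, and discards everything else, which is the sanitization the article calls for.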

The non-profit Open Web Application Security Project describes the potential impact of these kinds of vulnerabilities.

The vulnerability in the Stop Spammers Security WordPress plugin was fixed in version 2022.6.