Forum Replies Created
-
AuthorPosts
-
ahardy42Participant
Dear TNP Team,
I'd love any kind of reply on this topic! We're all busy but at least some sort of reply would help.Thanks
Adamahardy42ParticipantHi Newsletter Plugin people,
am I not getting any help on this as part of a policy to try to push me towards paid support?
Unfortunately, the website I'm working on doesn't have a budget at this point, so I can't go down this route, but it would surely be nice to get just limited feedback on this!
Regards
Adamahardy42ParticipantBump!
I went over all your documentation again. The plugin is really not doing its job here!
Any advice?
ahardy42ParticipantIs there any way forward with this?
The only thing that occurs to me is that it might be broken because some state in the database is breaking the use of lists, because I initially set it up without lists and it can't handle the change.
November 4, 2019 at 1:32 pm in reply to: Spammers using the newsletter plugin widget for spam subscriptions #243023ahardy42ParticipantIt would be helpful to have a statement from Stefano or the Newsletter plugin team about this msg from Wakeyjakey in this thread above:
Worryingly, the Newsletter Plugin seems to have sent out emails, with the first line of our welcome email changed. The first line reads, “Hi ANNUAL DRAWING OF PRIZE FOR E-MAIL USERS – http://www.ugomezatydod.tk/b30356_prize2019_30356,”
I think the plugin has sent 100s of emails inviting people to click on this phishing site – from our email address.
October 31, 2019 at 4:48 pm in reply to: Spammers using the newsletter plugin widget for spam subscriptions #242843ahardy42ParticipantHi, I have just finished setting up the newsletter plugin and I came across your post. I can see how spammers could have abused the URLs to add fake subscribers, but I don't understand how they managed to hack the plugin so that it sent out the spam newsletter and phishing URL.
Isn't that part of the plugin API protected by your wordpress account authentication?
It's great that you posted a work-around for the fake account subscribe actions. Isn't your site still vulnerable though, because the spammer just has to reregister themselves on your newsletter and the process emails will show them the work-around URL query parameters?
Thanks and good luck!
-
AuthorPosts