How to disable Profile Image ?

  • Resolved lkb123vn

    (@lkb123vn)


    2 years, 9 months ago

    Allowing file uploads is a pretty dangerous thing if you don’t know it well. So I disabled the file upload function.
    But found that there is a place that cannot be disabled as Upload Profile Image? This function is not listed in your plugin. I didn’t know about it until I received a warning from a friend.

    He can upload quite a few types of files including zip and js files… No limit on the number of files. Can view and manage old links. And my website can be a Storage for him.

    I take this pretty seriously, you should check. And there should be an option to turn it off if someone doesn’t want to use it.

Viewing 2 replies - 1 through 2 (of 2 total)

  • Hi @lkb123vn

    Hope you are fine and doing great.??

    I understand and respect your concern. We already working to give an option in the plugin settings, so a user can enable or disable the profile image upload option.

    I also request to contact our support, our dedicated support team will help in this issue.

    Thanks for using ReviewX.

    Regards.

    Thread Starter lkb123vn

    (@lkb123vn)

    I think you should reconsider the Upload Profile Image function.

    1. It is not limited to file upload types. I check can upload html ,js … If not well protected. => can run file upload with HTML+JS. I think this is a pretty serious security bug. Could be a bug. Hackers can upload shells. Website attack. You need an update soon to stop it.

    2. Turn off the media upload management function. It’s not the same as uploading images other than review.=> direct and unmanaged uploads.

    3. Limit the maximum upload volume. For example 2-5Mb. Normally, websites have to increase to meet the needs of uploading plugins, web design …. Can be up to several hundred Mb. And users upload large files can be a Storage.

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘How to disable Profile Image ?’ is closed to new replies.