Security & Privacy Issue

  • Resolved U&I

    (@uandiweb)


    10 months, 1 week ago

    The email log is exposed to the public. If someone visits example.com/wp-content/gf-smtp-log.log – the person can see the entire email log which may lead to major security & privacy issues.

    Other than that – the plugin works great, and I love it.

    Thank you!!!

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Author Kevin Pirnie

    (@kevp75)

    Appreciate it, but we know. It’s not something we are going to look into fixing either.

    Generally speaking, when a site manager starts debugging, we hope they know there’s a log kept somewhere… it should be their responsibility to clean up stuff like that.

    Sorry.

    Thread Starter U&I

    (@uandiweb)

    So consider adding a warning message to those who enable the log, and are not aware of the security & privacy issue.

    By the way, what happen if you change the destination log file from .log to .php? That will probably make the file not readable by unauthorized users, and resolve the problem.

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Security & Privacy Issue’ is closed to new replies.