Severe spam problem
See my review. This plugin has been abused to send spam email. I’m sorry to say it is very badly written, and does not validate the TellAFriend_message or TellAFriend_Link parameters, which can be used to insert any content in an email to any recipient.
According to the changelog, from version 5.3 a CAPTCHA was removed and “form accept submission only from your website domain” – referrers are forged by bots, so this is no protection against abuse at all!
No copy is sent to the site owner by default.
I don’t think this is ever likely to be a workable approach to sending mail to an arbitrary address, even with a CAPTCHA. Better solutions for this are: (a) don’t allow the visitor to modify the subject line or content at all; or (b) create a mailto: link so the visitor can edit related text but send through their normal email system.
https://www.ads-software.com/plugins/wp-tell-a-friend-popup-form/
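
Option (b) from the post above, as an added example that is not part of the original post or the plugin's code: a share link built only from site-fixed text and a same-site URL, with no recipient, so the visitor sends it from their own mail client and the site's server sends nothing. `SITE_ORIGIN`, the subject and body text, and the function names are assumptions.

```javascript
// Added example; every constant and function name here is hypothetical.
const SITE_ORIGIN = "https://example.com";   // assumed origin of the site
const SUBJECT = "A page you might like";     // fixed by the site, not the visitor
const BODY_INTRO = "I thought you might find this page interesting:\r\n";

// Return the normalized URL only if it parses and stays on this site.
// The WHATWG URL parser drops raw tabs and newlines from its input, so the
// returned href cannot carry a line break into the mail body.
function sameSiteUrl(candidate) {
  let url;
  try {
    url = new URL(candidate, SITE_ORIGIN);
  } catch {
    return null;
  }
  return url.origin === SITE_ORIGIN ? url.href : null;
}

// Build a mailto: link with an empty recipient. The only variable part is
// the page URL, and it is accepted solely when it belongs to the site.
function buildShareLink(pageUrl) {
  const safeUrl = sameSiteUrl(pageUrl);
  if (safeUrl === null) return null;
  // Percent-encode both fields so "&", "?" and line breaks cannot add
  // extra mailto header fields such as cc or bcc.
  const subject = encodeURIComponent(SUBJECT);
  const body = encodeURIComponent(BODY_INTRO + safeUrl);
  return `mailto:?subject=${subject}&body=${body}`;
}
```

Because the link has no server-side component, there is no form endpoint left for a bot to post to.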