Critical Exploit: Backdoor Spam Registrations via bbPress
-
When using the bbPress plugin for forums spam bots can bypass your registration and create accounts using the template files found here: buddypress/bp-forums/bbpress
Not only can they bypass any anti-spam features (including email conformation), their activity will not show in your normal forums. The spam posts will only show if you follow the default permalink: http://example.com/wp-content/plugins/buddypress/bp-forums/bbpress/ There you will find a vanilla install of bbPress where the spam posts live.
Buddypress should not be used unless you delete these bbPress files. Spam bots can easily create thousands of posts/accounts per minute with nothing stopping them until your server crashes.
- The topic ‘Critical Exploit: Backdoor Spam Registrations via bbPress’ is closed to new replies.