Security Issue #135

Closed
ethicalhack3r opened this issue Aug 23, 2016 · 7 comments

@ethicalhack3r

Hi,

The plugin has a serious security issue which was reported to us (wpvulndb.com). I have tried to contact two of the developers via email without success. Just found this GitHub repository now. WordPress are aware of the issue so they may have contacted you already.

Please email team at wpvulndb.com for the technical details.

Thanks,
Ryan

@bostonchic

Hmm, I tried to delete it on three sites after deactivating and it won't uninstall.

@jaredatch
Contributor

ping @bmarshall511

@janemanthorpe

Hi,
I had the same issue but deleted via my control panel with Hostgator I am hosted with. Depending who you are hosted with, you need to go into the WP content area, then plugins and then find Zero spam plugin and delete all the files for your directory. Make sure first you have deactivated the plugin from your WordPress dashboard and done a backup first (just in case). Cheers, Jane

@bostonchic

Yes, I deleted via FTP... it's a shame that users who maintain their own site may not understand how to get rid of it. :(

@janemanthorpe

Yes, you are right. Shame on the plugin creator just abandoning it.

@geckoseo

?? It would be decent at the very least if the reason for the removal from the WP repo was explained on the author's website.

Instead we can apparently still download and use the plugin directly from here?

Is this not somewhat irresponsible? Why would anyone still allow a plugin with security holes in it to be downloaded?

thiagolcks added a commit to thiagolcks/wordpress-zero-spam that referenced this issue Nov 19, 2016
@thiagolcks
Contributor

I've made a PR to fix this issue.

bmarshall511 pushed a commit that referenced this issue Nov 19, 2016
Validate the IP and sanitize a query - Issue #135