Conditional Fields Spam

  • Resolved idegwi

    (@idegwi)


    7 years, 12 months ago

    Hello,

    Plugin is great and done the job so far but I have only one problem.

    There’s a Get Quote form on the web page I done using CF7, CF7 Multi Steps and CF7 Conditional Fields.

    Now let’s Say I select car make Abarth it will give me conditional field to select the Car Model so I select 1000 (which is mean I can’t select other car models) But No I receive on the field of the car model all the first model from all other car make within the first drop down menu. as below:

    Car Make: Abarth
    Car Model: 10002-LitreCL145GT2002ATA 14AmbassadorAtom16A101510010 HP100A 112A3AvantiBJ 2020ArnageBCDA3C1 SeriesBS440025140601700Aerobus21031601.6DusterArcadia44Altis4.21000Bigua3-6 Monza600D8SummitAtom1251100Karma021 C10-73CKGAcadiaApollo1300CommodoreHawkH1AccentEX950117Aspid220Cherokee4-LitreAmantiAgera110350 GT037 Rallye109CTAviatorC 100011Luxgen 7Armada1500124Bagheera571000Crossblade650S Coupe170 VAntser1100Clubman3000GT2000110041100100 NXM101000442Admiral12HuayraAIV100733Acclaim10001300300Bug101.5100100750S7SMAstraFR-S1241000Gazelle1000 MBBrabusC8ActyonAero126Avanti1.810Aerio1510AriaMTXRoadster1000P 5010 Break1600AgilaM124001 Litre1201.3 l TouristXTR2Aero6Bravo102966ST1114
    Your Email: [email protected]
    PickUp Time: ASAP

    So How the Spammer selected more then one value for the conditional drop down menu???

    The page I need help with: [log in to see the link]

Viewing 1 replies (of 1 total)
  • Plugin Author Jules Colle

    (@jules-colle)

    7 years, 11 months ago

    well, the thing is that a form can be submitted with any value you like, and it’s likely this happens if it’s an automated spam-script.

    Anyone can simply send a POST request with the correct headers and submit any value they like. It’s up to the server script to determine how this data gets processed.

    The conditional fields plugin does not do a lot of server side work, so it’s possible that these non-existing values get added to the database if WP, CF7 or another plugin doesn’t stop them.

    There’s no major security concern here though, since WordPress has decent mechanisms in place to prevent database injection.

Viewing 1 replies (of 1 total)

The topic ‘Conditional Fields Spam’ is closed to new replies.