Recently we have been getting forwarded emails from our members that look like this:
“I’m checking in to see whether you’re still interested in getting the list of Distribution/Member List.
• BC Play Therapy Association (British Columbia, CANADA, 2024)
• Attendees Counts: 1,000
Let me know your thoughts so that I can share the cost & more information.
Regards,
Saylor– Event Coordinator”
We have been dealing with WP Engine and Sucuri to find out if there was a hack to our system to allow someone the ability to get these lists or if these were just fake emails. Finally, after a lot of back and forth, WP Engine wrote this to us
“went ahead and did an ack-grep for those domains [member emails]. It led me to two CSV files on your file system [redacted]
I see these are in a custom directory inside Uploads called espresso. This would actually mean these are publicly accessible, so if you try to resolve the URL including the file path, the CSV will download, like below: [redacted]
What likely happened is some type of bot would have scraped the site for links to check what data is publicly accessible.
Did you set up the espresso directory or is that the default directory configuration from the plugin authors?”
This is a security issue, I am not sure how it is possible that after downloading the CSV report it becomes public. There should be a warning about that. How do we permanently delete these files and prevent anyone except admin users from accessing them?
I wrote a response back on August 12th to the support email you listed and I have not heard back.
Could you let me know if you have received that email and the added information we sent on the 14th. I do not know how to clear the temporary files and would need some help with that. And some help to figure out how to change this so the CSV reports are not able to be seen by the public in the future.
My apologies, it looks like the reply triggered our spam filters (likely due to the link within it) so I hadn’t seen it.
I’ve just gone on the hunt after seeing the above reply and found it. I’ll reply directly via email now.
Viewing 3 reply threads
The support post ‘Security Issue with CSV Reports’ is closed to new replies.
Have a question about this support post? Create a new support post in our support forums and include a link to this existing support post so we can help you.
Support forum for Event Espresso 3 and Event Espresso 4.