Our friends over at Social CMS Buzz and given us a heads up on a new security issue. The module “Send Announcement v0.2″ was used on a Pligg install to send out spam emails to all the members.

There are no details as to how this happened, but it is for certain that this module was the culprit.

Social CMS, like I, are advising you to disable and remove this module until more details can be made available.

Related posts

Email campaigns and Pligg

Pligg 9.9.5 released

SocialCMSBuzz gets banned from the pligg forums for revealing PYcURL Security Vurnability

Pligg is Ajax unfriendly

Pligg Latest Submitted Story Module v0.1 Released