This is not a bug that you can reproduce step by step, but I think it could be a serious potential risk in SE.

I am receiving some emails from unknown origin. They contain text that promote some businesses. They are not sent from any of our members and the body of the emails shows that they are sent from our admin email to the admin email.

Subject says: A member has sent you a message using the contact page

here is the body of one of emails:

Hello,

Cedric Jamison has sent you a message using the contact page:

Email : *****
Message:
Want to find out how you can send mass messages to millions of websites just like I did via your site's contact page just now? Email me back here: *****

Best Regards,

Administration

I don't know where is our Contact Page in SE and how they have access to this page, but it seems clear that somehow they have penetrated to this page.

It would be appreciated if you look through and fix any potential risk.

Best Regards,

Hooman

This post was edited by socialenginestaff at June 7, 2023 5:04 AM EDT

Please ignore this bug report! It wasn't actually a bug, and I couldn't delete the topic because I hadn't permission to do so.

They have sent the email from the contact page of our GDPR plugin.