search

deliciousbrains / wp-offload-ses-lite

WP Offload SES Lite sends all outgoing WordPress emails through Amazon Simple Email Service (SES) instead of the local wp_mail() function.
https://wordpress.org/plugins/wp-ses/
13 stars 11 forks source link

Tracking pixel is added to server generated weekly email, sent to the user itself, without requesting for permission #34

Open currenge opened 2 years ago

currenge commented 2 years ago

Hi,

I got a weekly status email, from the plugin, and appears information about my opening it, MIGHT be sent to you, using a tracking 2px pixel, without me giving permission for this to happen. This Might also be a link, which instead of being placed for the entire

is placed within a small 2px area, in a strange, to me, way...

This is done in connection to the following links placed in the email header and footer:

<table width="100%" bgcolor="#34203a" style="background-color: #34203a; color: #ffffff">
    <tr>
        <td style="padding: 20px 0 20px 20px;">
            <h3 style="font-size: 24px; font-weight: normal; margin: 0; color: #ffffff;"><?php _e( 'Email Sending Health', 'wp-offload-ses' ); ?></h3>
            <p style="margin: 4px 0 0 0;"><?php echo $this->get_health_report()->get_report_date_range(); ?></p>
        </td>
        <td align="right" style="padding: 20px 20px 20px 0;">
            <table>
                <tr>
                    <td style="vertical-align: middle"><?php echo $this->get_health_report()->get_plugin_logo(); ?></td>
                    <td style="vertical-align: middle"><h3 style="font-size: 20px; font-weight: normal; margin: 0; color: #ffffff;"><?php echo $this->get_health_report()->get_plugin_name(); ?></h3></td>
                </tr>
            </table>
        </td>
    </tr>
</table>

where the function:

get_plugin_logo()

Is fetched from: classes/Health-Report.php:453

    public function get_plugin_logo() {
        $src = $this->wposes->plugins_url( 'assets/img/SES-circle.png' );
        $src = apply_filters( 'as3cf_get_asset', $src );
        return '<img width="50" alt="" style="width: 50px; display: block;" src="' . esc_url( $src ) . '" />';
    }

Which... takes the LOGO and applies a tracking FILTER on it:

apply_filters( 'as3cf_get_asset', $src );

This MAY be related to:

https://gist.github.com/aaemnnosttv/88615e44ef43e911ad15

Which seems to be related to passing information to AWS S3... https://deliciousbrains.com/wp-offload-media/doc/get-asset-url/

Issue MIGHT also be related to the file: upgrade.php

<a href="<?php echo esc_url( $upgrade_url ); ?>" style="border: 2px solid #000000; padding: 10px; font-size: 16px; color: #000000; background: #ffffff; text-decoration: none;"><?php _e( 'Get WP Offload SES Now', 'wp-offload-ses' ); ?></a>

<table>
    <!-- upgrade stuff (lite) -->
    <tr>
        <td>
            <h3 style="font-size: 18px; font-weight: normal; margin: 10px 0 0 0;"><?php _e( 'Want a better handle on your email failures?', 'wp-offload-ses' ); ?></h3>
            <p style="margin: 4px 0 20px 0;"><?php _e( 'Upgrade to WP Offload SES and get these awesome email failure handling features', 'wp-offload-ses' ); ?></p>
        </td>
    </tr>
    <tr>
        <td>
            <table>
                <tr>
                    <td width="285" bgcolor="#f2f2f2" style="background-color: #f2f2f2; padding: 15px; width: 285px" valign="top">
                        <h4 style="font-size: 16px; font-weight: normal; margin: 0;"><?php _e( 'Auto-Retry Email Sending Failures', 'wp-offload-ses' ); ?></h4>
                        <p style="font-size: 13px; margin-bottom: 0;"><?php _e( 'Every Amazon SES account has a max send rate. If you try to send more emails per second than your account rate, Amazon SES will return an error and refuse to send the email which could result in dropped emails if not handled properly. WP Offload SES is aware of your SES account\'s send rate and will stay within the limit, but in the event of a failed send (e.g. a networking issue) the robust queue system will retry sending those emails and keep track of failures.', 'wp-offload-ses' ); ?></p>
                    </td>
                    <td width="30" style="width: 30px;"></td>
                    <td width="285" bgcolor="#f2f2f2" style="background-color: #f2f2f2; padding: 15px; width: 285px;" valign="top">
                        <h4 style="font-size: 16px; font-weight: normal; margin: 0;"><?php _e( 'Manually Retry Email Sending Failures', 'wp-offload-ses' ); ?></h4>
                        <p style="font-size: 13px; margin-bottom: 0;"><?php _e( 'Let\'s say there was a networking issue that prevented your site from connecting to Amazon SES to send your email. WP Offload SES will automatically retry sending a few times before giving up and calling it a failure. If that happens, you can simply retry those failures once connectivity to Amazon SES is restored. With WP Offload SES none of your emails will get dropped into the ether because of a failure.', 'wp-offload-ses' ); ?></p>
                    </td>
                </tr>
                <tr>
                    <td colspan="3">
                        <h3 style="font-size: 18px; font-weight: normal; margin: 18px 0;"><?php _e( 'Upgrading also gets you...', 'wp-offload-ses' ); ?></h3>
                    </td>
                </tr>
                <tr>
                    <td width="285" bgcolor="#f2f2f2" style="background-color: #f2f2f2; padding: 15px; width: 285px;" valign="top">
                        <p style="font-size: 16px; margin: 0;">
                            ✅ <?php _e( 'Email support', 'wp-offload-ses' ); ?><br />
                            ✅ <?php _e( 'Open &amp; click reporting', 'wp-offload-ses' ); ?><br />
                            ✅ <?php _e( 'Search for any email', 'wp-offload-ses' ); ?><br />
                            ✅ <?php _e( 'View a specific email', 'wp-offload-ses' ); ?><br />
                            ✅ <?php _e( 'Analyze engagement for a specific email', 'wp-offload-ses' ); ?><br />
                        </p>
                    </td>
                    <td width="30" style="width: 30px;"></td>
                    <td width="285" bgcolor="#f2f2f2" style="background-color: #f2f2f2; padding: 15px; width: 285px;" valign="top">
                        <h4 style="font-size: 16px; font-weight: normal; margin: 0;"><?php _e( 'Get 20% Off!', 'wp-offload-ses' ); ?></h4>
                        <p style="font-size: 13px;"><?php _e( 'Click below to get 20% off your first year of WP Offload SES and gain access to pro features.', 'wp-offload-ses' ); ?></p>
                        <?php
                        $upgrade_url = $this->dbrains_url(
                            '/wp-offload-ses/',
                            array(
                                'utm_campaign' => 'WP+Offload+SES+20+Percent',
                                'utm_source'   => 'Email+health+report',
                                'utm_medium'   => 'email',
                                'utm_content'  => 'upgrade',
                            )
                        );
                        ?>
                        <p><a href="<?php echo esc_url( $upgrade_url ); ?>" style="border: 2px solid #000000; padding: 10px; font-size: 16px; color: #000000; background: #ffffff; text-decoration: none;"><?php _e( 'Get WP Offload SES Now', 'wp-offload-ses' ); ?></a></p>
                    </td>
                </tr>
            </table>
        </td>
    </tr>
</table>

May I ask, if you could please remove any tracking from email you order my server to generate?