By chance I found this log file on the plugin folder: stcr-import-failures.log.
The issue is that it includes all the emails from users (which failed in the import process) in plain text and in a fixed/static path.
It seems too easy to check for the bad guys, maybe adding some random text in the filename of the log could be enough.
@IvanRF Thank you very much for the feedback. You're correct, that could definitely use some improvement to improve security. I'll get this fixed for the next release.
By chance I found this log file on the plugin folder:
stcr-import-failures.log
. The issue is that it includes all the emails from users (which failed in the import process) in plain text and in a fixed/static path. It seems too easy to check for the bad guys, maybe adding some random text in the filename of the log could be enough.