Julio Potier (Juliobox)
Member
Posted 4 months ago #
Hello, I’m Julio from BoiteAWeb.fr
I’m a Web Security Consultant.
I discovered a big vulnerability in your plugin.
I can log in with any account, of course, like you said, “with no password” ;)
Contact me to get the exploit code:
gtalk/email: [ email redacted ]
skype: [ redacted ]
See you
http://wordpress.org/extend/plugins/wp-qr-code-login/
I'm curious if anyone has been able to duplicate your claim @juliobox?
If so, I'm wondering if it has been addressed yet in this plugin?
Julio Potier (Juliobox)
Member
Posted 3 months ago #
Hello
The 0.5 actually corrects the discovered vulnerabilities, but a new XSS came out at the same time.
The author has not yet responded to my last emails.
Stay tuned!
jackreichert
Member
Posted 3 months ago #
Version 1.1, I believe, has proper sanitization now, so no more XSS or SQL injection holes...