
No More Passwords
Security issue (5 posts)

  1. Julio Potier
    Member
    Posted 2 years ago #

    Hello, I’m Julio from BoiteAWeb.fr
    I’m a Web Security Consultant.
    I discovered a big vulnerability in your plugin.
    I can log in with any account, of course like you said “with no password” ;)
    Contact me to get the exploit code:
    gtalk/email: [ email redacted ]
    skype: [ redacted ]

    See you

    http://wordpress.org/extend/plugins/wp-qr-code-login/

  2. bamajr
    Member
    Posted 2 years ago #

    I'm curious if anyone has been able to duplicate your claim @juliobox?

    If so, I'm wondering if it has been addressed yet in this plugin?

  3. Julio Potier
    Member
    Posted 2 years ago #

    Hello

    The 0.5 actually corrects the discovered vulnerabilities, but a new XSS comes out at the same time.

    The author has not yet responded to my last emails.

    Stay tuned!

  4. Jack Reichert
    Member
    Plugin Author

    Posted 2 years ago #

    Version 1.1, I believe, has proper sanitization now, so no more XSS or SQL injection holes...

  5. miamialbert
    Member
    Posted 2 years ago #

    Hi jackreichert,

    Cool plugin! Quick question, what needs to be modified if WP is installed in a subdirectory?

    I am getting "404" on the redirection after login.

    Thanks!

Topic Closed

This topic has been closed to new replies.