
Pie Register
[resolved] Security Issue - Break in! (4 posts)

  1. Shonu
    Member
    Posted 1 year ago #

    You can enter a system using this plugin and get the role assigned by default for new users (e.g. author but at least subscriber and then you can do posts!)

    Testcase
    1. Register as a new user
    2. after registering, use Lost password, using EMAIL (username does not work as it is temporarily encrypted and unknown)
    3. you get an email sent with the reset LINK
    4. Click and visit reset page
    5. enter your encrypted username (taken from reset email)
    6. enter a new password
    7. Login with
    - encrypted username
    - new password from reset procedure

    et voilà...you are in!

    Looking at the poor support response here in WP forum and that Facebook has not had any updates for 2-3 years...
    Wonder, how the update in January happened!

    This must be fixed!

    http://wordpress.org/extend/plugins/pie-register/

  2. Shonu
    Member
    Posted 1 year ago #

    Is nobody concerned?

  3. WPyogi
    Volunteer Moderator
    Posted 1 year ago #

    http://codex.wordpress.org/FAQ_Security

    For a WordPress plugin security issue, email plugins [at] wordpress.org with as much detail as you can

  4. Genetech Solutions
    Member
    Plugin Author

    Posted 1 year ago #

    Thank you for pointing out the problem. We are releasing an updated version with the fix of this breach.

Topic Closed

This topic has been closed to new replies.
