Gigya Socialize - ADMIN EXPLOIT (3 posts)

  1. kanem
    Member
    Posted 5 years ago

    Everybody using the Gigya Socialize plugin on WordPress 2.9.1 can be exploited. Users are logged in as admin if they are using the Twitter connect feature of Gigya on wp-login.

  2. Gigya-inc
    Member
    Posted 5 years ago

    Hi Kanem,

    Can you please send me the URL where this happened to you, or write steps I can follow in order to reproduce this situation?

    I logged into 5 different sites using Twitter and I didn't have admin access in any of them.

    Thank you,
    Miri Oliel
    -Gigya

  3. FrancoFrenette
    Member
    Posted 5 years ago

    I came across this too. If the Twitter email is the same as the admin email, I believe, it logs you in as the admin. It happened to me. I was logged out of the admin, used Twitter to log in, and it brought me straight into the admin area, logged in as the administrator with all the admin options. Email me if you want, I can demonstrate it so you can fix it.

This topic has been closed to new replies.