Unlock Digital (No Passwords)
[Plugin: No More Passwords] Security issue (5 posts)

  1. Julio Potier
    Posted 4 years ago #

    Hello, i’m Julio from BoiteAWeb.fr
    I’m Web Security Consultant.
    I discover a big vulnerability in your plugin.
    I can login with any account, of course like you said “with no password” ;)
    Contact me to get the exploit code:
    gtalk/email: [ email redacted ]
    skype: [ redacted ]

    See you


  2. bamajr
    Posted 4 years ago #

    I'm curious if anyone has been able to duplicate your claim @juliobox?

    If so, I'm wondering if it has been addressed yet in this plugin?

  3. Julio Potier
    Posted 4 years ago #


    the 0.5 actually correct the discovered vulnerabilities, but, a new XSS comes out in the same time.

    The author did not yet respond to my last emails.

    Stay tuned !

  4. Jack Reichert
    Plugin Author

    Posted 4 years ago #

    Version 1.1, I believe, has proper sanitization now so no more xss nor sql injection holes....

  5. miamialbert
    Posted 4 years ago #

    Hi jackreichert,

    Cool plugin! Quick question, what needs to be modified if WP is installed in a subdirectory?

    I am getting "404" on the redirection after login.


Topic Closed

This topic has been closed to new replies.

About this Plugin

  • Unlock Digital (No Passwords)
  • Frequently Asked Questions
  • Support Threads
  • Reviews

About this Topic