Pie Register
[resolved] Security Issue - Break in! (4 posts)

  1. Shonu
    Posted 2 years ago #

    You can enter a system using this plugin and get the role assigned by default for new users (e.g. author but at least subscriber and then you can do posts!)

    1. Register as a new user
    2. after register, Lost password, suing EMAIL (username does not work as encrypted temporarily and unknown
    3. you get email send with reset LINK
    4. Click and visit reset page
    5. enter your encrypted username (taken from reset email)
    6. enter an new password
    7. Login with
    - encrypted username
    - new password from reset procedure

    et voilĂ ...you are in!

    Looking at the poor support response here in WP forum and that Facebook has not had any updates since 2-3 years...
    Wonder, how the update in January happened!

    T>his must be fixed!


  2. Shonu
    Posted 2 years ago #

    Is nobody concerned?

  3. WPyogi
    Forum Moderator
    Posted 2 years ago #


    For a WordPress plugin security issue, email plugins [at] wordpress.org with as much detail as you can

  4. Genetech Solutions
    Plugin Author

    Posted 2 years ago #

    Thank you for pointing out the problem. We are releasing an updated version with the fix of this breach.

Topic Closed

This topic has been closed to new replies.

About this Plugin

About this Topic