This Plugin HAS A HUGE Security Flaw.. No Answer Yet???
DO NOT use this plugin if:
A.) You manage multiple clients SEO in a single analytics account and
B.) you are a developer handing a site over to a end user.
I posted this here: http://wordpress.org/support/topic/the-settings-show-my-clients-all-of-my-accounts?replies=1 and here: http://wordpress.org/support/topic/menu-settings-show-clients-all-accounts?replies=1 and have not received an answer yet.
Basically if you are a developer managing seo for multiple sites through a single google analytics account (which many agencies do), when you authenticate your account and choose the client in your analytics, when you hand the site over to the end user, the end user can choose the plugin from the menu, click the drop down list of sites available with that authentication and SEE all the other analytics accounts tied to that account and even change their site to another clients site. Doesn’t seem like you should be able to do that.
I have not seen a fix for this yet other than once it is set to remove it from the menu so there is no access to it any more.
- The topic ‘This Plugin HAS A HUGE Security Flaw.. No Answer Yet???’ is closed to new replies.