Major security issue

  • iNexi

    (@inexi)


    6 years, 8 months ago

    There appears to be a major mistake in this plugin. I am using it with WP OAuth Server. The security flaw is in the first request to the OAuth server, programmed in Authenticate Check and Redirect in callback.php. This code includes the CLIENT SECRET in the redirect provided to the user.

Viewing 1 replies (of 1 total)
  • Thread Starter iNexi

    (@inexi)

    6 years, 4 months ago

    Any thoughts or fixes on this?! I’ve noticed recent updates still contain this security flaw.

Viewing 1 replies (of 1 total)

The topic ‘Major security issue’ is closed to new replies.