Major Security Bug: Plugin allows new signups despite disabling registration.
The plugin allows new signups automatically if I sign in using accounts from, e.g., Google / Twitter. This is despite me disabling registrations.
Moreover, unapproved users are able to access the front end and even the admin panel despite it being a protected site. (Only logged-in users can access the site, and dashboard access is removed for subscribers. Refer to the Absolute Privacy plugin for reference.)
In addition, no email notification was being sent to the site admin despite the setting being enabled.
This in many, many aspects presents a huge security loophole. I disabled the plugin immediately and will have to find a solution to this before I reactivate it again.
Good Concept, Flawed Execution.
Plugin Version at time of post: 0.2.8