• Resolved Anonymous User 14583327

    (@anonymized-14583327)


    Please remove the “secure custom login tool for the support team” introduced in 6.3.2.

    This is a very very bad idea, for all the reasons I’m sure you already know. If your customers need to give you access, they can create login credentials for you themselves.

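The alternative the reporter describes (the site owner issues the support credentials, rather than the plugin shipping its own login path) can be made concrete. The snippet below is an added example, not code from the Instagram Feed plugin or from Smash Balloon: a small mu-plugin in which the site owner creates a time-boxed support account holding one custom role, logins are refused once the expiry passes, and expired accounts are purged by WP-Cron. The role name `example_support`, the capability name `manage_example_feed`, the meta key `_example_support_expires` and the function names are assumptions made for the example; the plugin's real settings screens may be gated on other capabilities, so the role would need to be adjusted to match.

```php
<?php
/**
 * Example (added illustration, not the plugin's code): owner-issued,
 * narrowly scoped, self-expiring support account for WordPress.
 * Drop into wp-content/mu-plugins/ and call example_create_support_user()
 * once (e.g. from WP-CLI: wp eval 'print_r(example_create_support_user("support@example.com"));').
 */

// 1. A role that carries only what support needs. 'manage_options' is
//    deliberately absent; 'manage_example_feed' is an assumed capability
//    name standing in for whatever the plugin's settings screen checks.
function example_register_support_role() {
    if ( get_role( 'example_support' ) ) {
        return; // roles persist in the database; register once
    }
    add_role( 'example_support', 'Temporary Support', array(
        'read'                => true,
        'manage_example_feed' => true,
    ) );
}
add_action( 'init', 'example_register_support_role' );

// 2. The site owner creates the account and chooses how long it lives.
//    Returns the generated credentials (to hand over out of band) or a WP_Error.
function example_create_support_user( $email, $ttl_seconds = 3 * DAY_IN_SECONDS ) {
    $login    = 'support-' . wp_generate_password( 8, false, false );
    $password = wp_generate_password( 24, true, true );
    $user_id  = wp_insert_user( array(
        'user_login' => $login,
        'user_pass'  => $password,
        'user_email' => $email,
        'role'       => 'example_support',
    ) );
    if ( is_wp_error( $user_id ) ) {
        return $user_id;
    }
    // Assumed meta key; an absolute Unix timestamp after which the account is dead.
    update_user_meta( $user_id, '_example_support_expires', time() + (int) $ttl_seconds );
    return array( 'user_id' => $user_id, 'login' => $login, 'password' => $password );
}

// 3. Refuse authentication once the expiry has passed, even before cron
//    gets around to deleting the account.
add_filter( 'wp_authenticate_user', function ( $user ) {
    if ( is_wp_error( $user ) ) {
        return $user;
    }
    $expires = (int) get_user_meta( $user->ID, '_example_support_expires', true );
    if ( $expires && time() > $expires ) {
        return new WP_Error( 'example_support_expired', 'This temporary support account has expired.' );
    }
    return $user;
} );

// 4. Daily purge of expired support accounts.
add_action( 'init', function () {
    if ( ! wp_next_scheduled( 'example_purge_support_users' ) ) {
        wp_schedule_event( time(), 'daily', 'example_purge_support_users' );
    }
} );
add_action( 'example_purge_support_users', function () {
    require_once ABSPATH . 'wp-admin/includes/user.php'; // wp_delete_user() lives here
    $ids = get_users( array( 'role' => 'example_support', 'fields' => 'ID' ) );
    foreach ( $ids as $id ) {
        $expires = (int) get_user_meta( $id, '_example_support_expires', true );
        if ( $expires && time() > $expires ) {
            wp_delete_user( (int) $id ); // content, if any, is reassigned to nobody
        }
    }
} );
```

The security-relevant properties are that the account only exists when the owner creates it, its role grants nothing beyond the assumed feed capability, and it disappears on its own; revocation is an ordinary `wp user delete`, and nothing in the plugin itself can mint a session. Whether the real plugin's "narrow capabilities" claim holds can only be checked against its code, which, as the reporter notes, is not public.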
  • Plugin Author Craig at Smash Balloon

    (@craig-at-smash-balloon)

    Thank you for the feedback and we understand your concern! We take the security of your site extremely seriously and do understand the sensitivity of functionality in a plugin that creates a temporary login capability. The code was reviewed by our in-house security researcher before being approved for launch and the general concept was reviewed by our security team before development began.

    The capabilities of the logged-in user are extremely narrow and would not give any unapproved access to your site.

    That being said, we don’t want to alarm our users, as seems to be the case here. We are considering your suggestion to make this a separate plugin that users can install with the direction of a support representative.

    Also, this is related to something that is specifically in our paid pro plugin. As such I’m not sure if the moderators will allow this post here. We will be happy to follow up with you within our ticketing system!

    Thread Starter Anonymous User 14583327

    (@anonymized-14583327)

    I posted this here so this discussion is public (since your code is not). Given that your code does not use WordPress PHP coding standards, and is apparently not linted, I’m not confident that your plugin can maintain such a powerful “feature” securely.

    It presents a large and unnecessary attack vector.

    Plugin Author Craig at Smash Balloon

    (@craig-at-smash-balloon)

    Thanks again for your thoughts! You will notice improvements in future updates.

  • The topic ‘Instagram Feed Pro Developer – 6.3.2 back door’ is closed to new replies.