• There appears to be a major mistake in this plugin. I am using it with WP OAuth Server. The security flaw is in the first request to the OAuth server, programmed in Authenticate Check and Redirect in callback.php. This code includes the CLIENT SECRET in the redirect provided to the user.

Viewing 1 replies (of 1 total)
  • Thread Starter iNexi

    (@inexi)

    Any thoughts or fixes on this?! I’ve noticed recent updates still contain this security flaw.

  • The topic ‘Major security issue’ is closed to new replies.
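
The separation the thread says is missing, as an added example that is not the plugin's callback.php or any code from the thread: the browser redirect carries only public parameters, and the client secret appears only in the server-to-server token request. Endpoint URLs, client values and function names are assumptions made for illustration.

```php
<?php
// Added example: endpoints, client id and function names are assumed.
const AUTHORIZE_ENDPOINT = 'https://oauth.example.test/oauth/authorize'; // assumed
const TOKEN_ENDPOINT     = 'https://oauth.example.test/oauth/token';     // assumed

// Front channel: this URL is sent to the browser in a Location header, so it
// ends up in history, proxy logs and Referer headers. Public values only.
function build_authorize_redirect(string $clientId, string $redirectUri, string $state): string
{
    $params = [
        'response_type' => 'code',
        'client_id'     => $clientId,
        'redirect_uri'  => $redirectUri,
        'state'         => $state, // ties the callback to this browser session
    ];
    return AUTHORIZE_ENDPOINT . '?' . http_build_query($params, '', '&', PHP_QUERY_RFC3986);
}

// Back channel: POST body sent by the server itself after the callback
// returns a code. This is the only place the client secret is used.
function build_token_request(string $code, string $clientId, string $clientSecret, string $redirectUri): array
{
    return [
        'url'  => TOKEN_ENDPOINT,
        'body' => [
            'grant_type'    => 'authorization_code',
            'code'          => $code,
            'redirect_uri'  => $redirectUri,
            'client_id'     => $clientId,
            'client_secret' => $clientSecret,
        ],
    ];
}

// Regression check: true when a redirect URL carries the confidential parameter.
function redirect_leaks_secret(string $url): bool
{
    parse_str((string) parse_url($url, PHP_URL_QUERY), $query);
    return isset($query['client_secret']);
}

// Constructed sample values.
$state = bin2hex(random_bytes(16));
$url   = build_authorize_redirect('constructed-client-id', 'https://site.example.test/callback', $state);
var_dump(redirect_leaks_secret($url));                                       // redirect built above
var_dump(redirect_leaks_secret($url . '&client_secret=constructed-secret')); // form described in the thread
```

A secret that has already appeared in user-facing redirects should be rotated on the OAuth server once the redirect is fixed.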