Major security issue
-
There appears to be a major mistake in this plugin. I am using it with WP OAuth Server. The security flaw is in the first request to the OAuth server, programmed in Authenticate Check and Redirect in
callback.php
. This code includes the CLIENT SECRET in the redirect provided to the user.
Viewing 1 replies (of 1 total)
Viewing 1 replies (of 1 total)
- The topic ‘Major security issue’ is closed to new replies.