Two popular WordPress plugins allowed admins to log in without a password (300,000+ installs).

I am a user of InfiniteWP, using it on many sites. While this is really scary and makes me reconsider the plugin, I must also say that they reacted really fast and seriously. They sent out a mail immediately and didn’t downplay severity in the announcement or when opening the IWP panel, and as it is clear now, they reacted as soon as they became aware. At least the responsiveness and professional handling are commendable.

Courtesy of:

https://www.reddit.com/r/netsec/comments/eon2wh/two_popular_wordpress_plugins_allowed_admins_to/
