WPIntell

[Plugin: No More Passwords] Security issue

Unlock Digital (No Passwords) · support · 2012-01-31T14:25:00+00:00

Conversation

support
Julio Potier unresolved
Hello, I’m Julio from BoiteAWeb.fr. I’m a Web Security Consultant. I discovered a big vulnerability in your plugin. I can log in with any account, of course like you said “with no password” 😉

Contact me to get the exploit code: gtalk/email: [ email redacted ] skype: [ redacted ]

See you

http://wordpress.org/extend/plugins/wp-qr-code-login/

Comments

4 shown
bamajr 2012-02-10T20:32:00+00:00

I’m curious if anyone has been able to duplicate your claim @juliobox ? If so, I’m wondering if it has been addressed yet in this plugin?

Julio Potier 2012-02-10T21:45:00+00:00

Hello, the 0.5 actually corrects the discovered vulnerabilities, but a new XSS comes out at the same time. The author did not yet respond to my last emails. Stay tuned!

Jack Reichert 2012-02-11T14:32:00+00:00

Version 1.1, I believe, has proper sanitization now so no more XSS nor SQL injection holes…

miamialbert 2012-06-28T19:51:00+00:00

Hi jackreichert, Cool plugin! Quick question, what needs to be modified if WP is installed in a subdirectory? I am getting “404” on the redirection after login. Thanks!