Security issue with [bookingactivities_login form]

bookingactivities / booking-activities

Wordpress plugin booking system

GNU General Public License v3.0

29 stars 10 forks source link

Security issue with [bookingactivities_login form] #119

Closed IlPadrinoo closed 2 years ago

IlPadrinoo commented 2 years ago

When a form [bookingactivities_login form="xxx" redirect_url=""] is in the trash and displayed on fonrtend, user can login with WITHOUT password. Just enter email address and you are login. This trouble exists with ADMIN ACCOUNT too. Users : be careful Devs : please do something

yoancutillas commented 2 years ago

Hello, this is an non-default option in Booking Activities > Booking forms > your form > "User data (Login / Registration)" field settings > Login tab > "Password required" option.

required-password-option

If you find a security issue, please always contact the author privately to report it (contact@booking-activities.fr).