Unwanted manipulation of WYSIWYG editing (Wordpress)

buttercup / buttercup-browser-extension

:earth_asia: Buttercup browser extension

https://buttercup.pw

MIT License

230 stars 42 forks source link

Unwanted manipulation of WYSIWYG editing (Wordpress) #304

Open perry-mitchell opened 4 years ago

perry-mitchell commented 4 years ago

Seems Buttercup is able to inject components into Wordpress content accidentally. Wordpress should be recognised and injection features disabled inside the admin area.

Peppeo commented 4 years ago

@perry-mitchell : a similar issue I see when updating or saving a page in Wordpress; every time Buttercup asks if this should be added to the vault. Mind you: when pressing that update button I don't fill in any credentials; I am already logged in as an administrator. Screen Shot 2020-01-16 at 3 37 45 PM

perry-mitchell commented 4 years ago

@Peppeo It's probably detecting some password input field.. I think we should block Wordpress admin entirely, if logged in.