Open perry-mitchell opened 4 years ago
@perry-mitchell : a similar issue I see when updating or saving a page in Wordpress; every time Buttercup asks if this should be added to the vault. Mind you: when pressing that update button I don't fill in any credentials; I am already logged in as an administrator.
@Peppeo It's probably detecting some password input field.. I think we should block Wordpress admin entirely, if logged in.
Seems Buttercup is able to inject components into Wordpress content accidentally. Wordpress should be recognised and injection features disabled inside the admin area.