stranoweb / stranoweb-ajax-login

WordPress plugin to add ajax login, register, forgot password and logout modal popups and more.

Social Login feature circumvents any security setting regarding user signups (Disable "Registration" via Social Login) #23

Open gorfreed opened 3 years ago

gorfreed commented 3 years ago

Stranoweb's social login button will force create a user, no matter what restrictions (like 'required' fields that are essential for your membership page) are set. It will create a new user with a randomized name and no reference whatsoever about where the social login was initiated from, leaving you with a group of users that are completely unidentifiable and gained access to your membership page without even validating their emails. I am surprised that hasn't come up before, but a solution is probably simple, e.g. an unregistered social login could be redirected to the registration form.

In short, for security reasons I cannot allow a new user signing up with a Social Login. Can your plugin be adapted accordingly?

stranoweb commented 3 years ago

Hi Gorfreed,

thanks for the feedback, we will work to find a solution.

gorfreed commented 2 years ago

Is there any update on this? I have opted out for another solution on that project, but now I am setting up a new one and again I would love to use Stranoweb Ajax Login, as it just looks a lot better than other solutions. However, the security issue still persists and I wanted to check in with you to see if there was any development on this.

stranoweb commented 2 years ago

Hi Gorfreed,

Thanks for supporting our plugin. That fix is still in our plan; unfortunately we didn't have the time to work on it. We will do our best to fix asap.

Thanks for your patience.
