As above, I’m building a wordpress site locally. It’s not live yet. But one of the plugin I configured and I intended to use in the site was miniOrange’s WordPress Social Login and Register plugin.
As you know it is today news that this plugin had a huge security breach – If someone had the email of a single user can gain access to any user of the site, including the admins.
They fixed the problem now in the updated version but I was wondering, what should I do in this situation? Should I trust these developers and use the latest version? Even if this is fixed, how do I know other huge problems like this one are still in the plugin? or is it better to use an alternative?
Also, I mean
>We contacted miniOrange on May 30, 2023, and received a response on June 2, 2023. After we provided full disclosure details, the developer released the first patch, which still contained a vulnerability, in version 7.6.4 on June 12, 2023. A fully patched version, 7.6.5, was released on June 14, 2023.
They took 2 weeks to fix the issue and the first patch didn’t even fix the issue…
[ad_2]