Security vulnerabilities in Magic Login Pro (2)
-
DOS through IP spoofing – (Magic Login Pro <= 1.4.1)
The plugin uses the current IP address to rate limit login requests. The implementation is vulnerable to IP spoofing, which an attacker can use to ban arbitrary users or the site’s reverse proxy from accessing the login page.
-
Site takeover by stealing login tokens – (Magic Login Pro < 1.4.1)
The plugin stores login tokens as plain text in the “wp_usermeta” table, which is equally as dangerous as storing passwords in plaintext since anybody with access to the login token can authenticate himself as the target user.