Impact
The autologin cookie (set when a user uses the "remember me" feature) is accessible by scripts. A malicious plugin that steals this cookie would be able to use it to autologin.
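The check below is an added example, not code from the affected project: it scans `Set-Cookie` response headers and reports autologin cookies that lack the `HttpOnly` attribute, the attribute that keeps a cookie out of reach of page scripts. The cookie names, values and the name pattern are constructed assumptions.

```javascript
// Added example: audit Set-Cookie headers for script-readable autologin cookies.
// All cookie names and values here are constructed sample data.

// Parse one Set-Cookie header value into { name, value, attrs }.
function parseSetCookie(header) {
  const parts = header.split(';').map((p) => p.trim()).filter(Boolean);
  const first = parts.shift() || '';
  const eq = first.indexOf('=');
  if (eq < 1) return null; // no usable name=value pair, skip it
  const attrs = {};
  for (const part of parts) {
    const i = part.indexOf('=');
    // Attribute names are case-insensitive; flags such as HttpOnly have no value.
    const key = (i === -1 ? part : part.slice(0, i)).trim().toLowerCase();
    attrs[key] = i === -1 ? true : part.slice(i + 1).trim();
  }
  return { name: first.slice(0, eq).trim(), value: first.slice(eq + 1).trim(), attrs };
}

// Report cookies whose name matches `pattern` and that are set without HttpOnly.
function findScriptReadable(headers, pattern) {
  const findings = [];
  for (const header of headers) {
    const c = parseSetCookie(header);
    if (!c || !pattern.test(c.name)) continue;
    // A deletion (empty value or Max-Age <= 0) carries no credential.
    if (c.value === '' || Number(c.attrs['max-age']) <= 0) continue;
    if (c.attrs.httponly) continue;
    findings.push({
      name: c.name,
      secure: Boolean(c.attrs.secure),
      sameSite: typeof c.attrs.samesite === 'string' ? c.attrs.samesite : null,
    });
  }
  return findings;
}

// Constructed response headers; the name pattern is an assumption, adjust it
// to the cookie name your deployment actually sets for "remember me".
const SAMPLE_HEADERS = [
  'sessid=abc123; Path=/; HttpOnly; Secure; SameSite=Lax',
  'app_rememberme=%5B2%2C%22f3a1%22%5D; Expires=Wed, 01 Jan 2031 00:00:00 GMT; Path=/',
  'other_rememberme=xyz; Path=/; httponly',
  'old_rememberme=; Max-Age=0; Path=/',
];
const AUTOLOGIN_PATTERN = /rememberme|autologin/i;

for (const f of findScriptReadable(SAMPLE_HEADERS, AUTOLOGIN_PATTERN)) {
  console.log(`script-readable autologin cookie: ${f.name} (Secure=${f.secure}, SameSite=${f.sameSite})`);
}
```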
Patches
TODO
Workarounds
Not using the "remember me" feature.
References
https://huntr.dev/bounties/b2e99a41-b904-419f-a274-ae383e4925f2/