Social login:
WordPress Login Bug, Enables Third-Parties To Receive Security Tokens

WordPress Login Bug, Enables Third-Parties To Receive Security Tokens

The administrators of the image hosting site will then have the capability to log in as the WordPress.com site’s owner as the result of the bug. This happens without the WordPress site notifying them to enter a valid username and password, as the security token provides the identity that the WordPress site will accept as valid.