Hi team,
I tried your plugin yesterday and I can see it works as intended. However, and this as totally unexpected, each and every using in the database was notified of the password and email change, and this created a complicated situation with our customer since every people that received the notification called to complain and report the “hack”.
It would be necessary to alert this on future users, and there should be a setting to prevent sending those email notifications (by default).
Just leaving you my 2 cents.
Have a great day,
AlbertoR