• sophia27smith

    (@sophia27smith)


    First of all, I would like to thank the developers of this plugin for this simple and fast plugin.
    I was testing this plugin on my dummy site to test the working before using it on my main website. I found this issue.
    This is the main issue that I got. I found that any registered user can change his/her email at any time to any other email. There is no verification process for the changed email address. Now, some users can update the fake email address or email address of someone else. So, this will cause the misuse of using someone’s email address and the user who has not registered on my site will get the emails from our website and that will be annoying and lead to spam messages.
    My suggestion is: would you only provide the option to change name and password only because change of email address without verification of a newly updated email address can cause misuse and users can update fake or some other person’s email address.

    Thank You

Viewing 6 replies - 1 through 6 (of 6 total)
  • Plugin Author Javier Carazo

    (@carazo)

    @sophia27smith,

    Thanks for your review! We were so busy we could not check this till now.

    With respect to the issues you observed:

    Where are you able to change it? Using [clean-login-edit]?

    Thread Starter sophia27smith

    (@sophia27smith)

    When I click on the edit option using the [clean-login-edit] page, then any user can change the email address to something else. So, users can update the fake email address that doesn’t even exist. I have personally checked it on my dummy site.

    Thank You very much for your response.

    Plugin Author Javier Carazo

    (@carazo)

    Sorry but where is the email address?

    https://prnt.sc/vflsw1

    Thread Starter sophia27smith

    (@sophia27smith)

    You can check this image of my site in the screenshot (when a user logged in). Link – https://drive.google.com/file/d/1HtHSLIIMTrA0ouhWchtvGDBVckbZf_qK/view?usp=sharing

    Plugin Author Javier Carazo

    (@carazo)

    OK there is a param in this shortcode to show email.

    You can hide this field by removing the param you use in this shortcode.

    Anyway, if you want to let users change their email, we are going to include some kind of protection (with an email to confirm it).

    We will tell you when it will be done.

    Plugin Author Javier Carazo

    (@carazo)

    We have included the change verification email.

    Update to the last version and you will get it.

  • The topic ‘1 big issue that i observed’ is closed to new replies.
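
The confirmation step discussed in this thread, sketched as an added example; it is not the plugin's code and does not come from either participant. The `example_*` function names, the `_example_pending_email` meta key, the query arguments and the 24-hour lifetime are assumptions; the WordPress functions called are core functions. The account keeps its old address until the owner, still logged in, opens a single-use link sent to the new one.

```php
<?php
// Added example: hypothetical helpers, not Clean Login's own code.
// Assumed: example_* names, the meta key, the query args, the 24 h lifetime.
const EXAMPLE_PENDING_KEY = '_example_pending_email';

// Step 1: called by the profile form handler INSTEAD of saving the address.
function example_request_email_change( $user_id, $raw_email ) {
    $new_email = sanitize_email( $raw_email );
    if ( ! is_email( $new_email ) || email_exists( $new_email ) ) {
        return false; // malformed, or already attached to an account
    }
    $token = wp_generate_password( 32, false ); // random, alphanumeric
    update_user_meta( $user_id, EXAMPLE_PENDING_KEY, array(
        'email'   => $new_email,
        'hash'    => hash( 'sha256', $token ), // only the hash is stored
        'expires' => time() + DAY_IN_SECONDS,
    ) );
    $link = add_query_arg(
        array( 'example_confirm_email' => $token, 'uid' => $user_id ),
        home_url( '/' )
    );
    // The link goes to the NEW address only; user_email is not touched yet.
    return wp_mail( $new_email, 'Confirm your new email address',
        "Open this link to confirm the change:\n\n" . esc_url_raw( $link ) );
}

// Step 2: runs when the link is opened; applies the change at most once.
function example_confirm_email_change() {
    if ( ! isset( $_GET['example_confirm_email'], $_GET['uid'] ) ) {
        return;
    }
    $user_id = absint( $_GET['uid'] );
    if ( get_current_user_id() !== $user_id ) {
        return; // the account owner must be the one confirming
    }
    $token   = sanitize_text_field( wp_unslash( $_GET['example_confirm_email'] ) );
    $pending = get_user_meta( $user_id, EXAMPLE_PENDING_KEY, true );
    if ( ! is_array( $pending ) || time() > $pending['expires']
        || ! hash_equals( $pending['hash'], hash( 'sha256', $token ) ) ) {
        return; // unknown, expired or wrong token: leave the account as is
    }
    delete_user_meta( $user_id, EXAMPLE_PENDING_KEY ); // single use
    if ( ! email_exists( $pending['email'] ) ) {       // re-check at confirm time
        wp_update_user( array( 'ID' => $user_id, 'user_email' => $pending['email'] ) );
    }
}
add_action( 'init', 'example_confirm_email_change' );
```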