[Plugin: Eventbrite for The Events Calendar] API User Key input field displayed for all registered u
-
When I set this up initially as administrator, I found the API User Key input field (after searching about) displayed at the bottom of my user profile edit page. OK so far.
After setting up a test user at the lowest access level (subscriber) I was shocked to find the same API User Key input field is displayed for all registered users!
This is a huge security breach! Any registered user can disconnect our EventBrite plugin from our EventBrite account by entering anything in this field and clicking [Update Profile].
Can anyone tell me where I can find the coding that causes this to appear here so I can neuter it!
- The topic ‘[Plugin: Eventbrite for The Events Calendar] API User Key input field displayed for all registered u’ is closed to new replies.
