WordPress.org

Ready to get started?Download WordPress

Forums

WooCommerce - excelling eCommerce
Account Security Issue (1 post)

  1. Todd Lahman
    Member
    Posted 1 year ago #

    When the settings option "Register using the email address for the username" is enabled the Checkout form has the Billing Address form
    and Account password password forms. This setup allows anyone using the same email address as another WordPress user on that blog to make a purchase, which then replaces the original user's account information with the new information, including the new password.

    If the settings option "Register using the email address for the username" is not enabled the the Checkout form has the Bill Address form, Account username, and Account password password forms. With the Account username in place the new user does not appear to have the ability to replace another user's account information.

    When the settings option "Register using the email address for the username" is enabled the Checkout form needs to have a Account username form field that explains an email address required for the username, and then make sure that no other existing accounts with that email address, or matching account names, have their information overwritten. This has been an issue since the "Register using the email address for the username" option was added I believe in October 2012.

    http://wordpress.org/extend/plugins/woocommerce/

Topic Closed

This topic has been closed to new replies.

About this Plugin

About this Topic

Tags

No tags yet.