First of all, I would like to thanks the developers of this plugin for this simple and fast plugin.
I was testing this plugin on my dummy site to test the working before using it on my main website. I found this issue.
This is the main issue that I got. I found that any registered user can change his/her email at any time to any other email. There is no verification process for the changed email address. Now, some users can update the fake email address or email address of someone else. So, this will cause the misuse of using someone’s email address and the user who has not registered on my site will get the emails from our website and that will be annoying and leads to spam messages.
My suggestion is: would you only provide the option to change name and password only because change of email address without verification of a newly updated email address can cause misue and users can update fake or some other person email address.
- The topic ‘1 big issue that i observed’ is closed to new replies.