Just to say that I have the same concern about this privacy/security issue.
I have asked in this other topic: https://wordpress.org/support/topic/wordpress-users-list-3/
I look forward for an answer in one of both, thanks a lot.
Hi @tamhas and @soyzenitram,
Thanks for getting in touch.
Unfortunately, since Version 3.0.8, the total count of subscribers includes all users across a network. This is a bug for Multisite users and will be corrected in the future, however, it’s not one of our priorities at the moment.
We’re sorry about the inconvenience.
Oh, this is a pity, and also hardly understandable for me…
This issue represents in any multisite network:
– A security hole: Any user with access to mailpoet gain access to full login list of network users (since you can login with the email)
– A privacy issue: It suposes that any user with access to mailpoet is able to know personal information of many people. Note that this make mailpoet/WPMU de facto unusaable in whole european union, since it is uncompilant with RGPD. Also unusable in many other non-EU countries, I dare to guess, since sharing info from one context to another is a privacy basis, and in consequence it will be uncompilant with most of the data protection legislations.
I encourage you to reconsider the relevance of this bug, with turns a fantastic piece of software into fireworks in a multisite context.
Thanks a lot!
-
This reply was modified 5 years, 8 months ago by
soyzenitram.
-
This reply was modified 5 years, 8 months ago by soyzenitram.
Thread Starter
Tamhas
(@tamhas)
No problem, but meanwhile, you better put an amendment on the above mentioned article. I realise it was written five years ago but still, anyone searching for mailpoet multisite, when they want to check if it’s supposed to work with multisite or not, gets that article. Thanks!
You are completely right. Apologies for the confusion.
The article has been updated.
Wow.. selling Agency licenses without mentioning this is very sketchy.
This article is misleading and should be updated also:
https://docs.mailpoet.com/article/43-premium-license-multisite
Are you sure this isn’t a priority??
We are on MailPoet Version 3.25.0 and we still see this issue and we have customers on our multisite instance that want to use this plugin. Unfortunately we cannot add MailPoet to their plugins list with this open issue? Is there a timeline planned for resolving this issue?
Any progress on this? This is a serious privacy issue and it needs to be resolved.
I checked again on the recent update, 3.34.4, and it still doesn’t appear to be fixed.
Can you advise what is the planned version for this bug to be corrected?
This is a huge problem. It makes the plugin unusable.
Hi Mailpoet, I’m an Agency Owner and paid for the unlimited license to then find out that the subusers do see all the email addresses of all other subsites in a multisite, one year and 4 months ago you wrote in this thred that you would fix this bug, now we are one year and 4 months later, this bug it’s still there and it’s really a big problem with GDPR and user experience! It’s not a minor bug, it’s a big issue for Agencies. When can you solve this!?!?!?
It’s an easy fix, which leads me to believe that they’re doing this on purpose for some reason.
I hacked up Mailpoet on my multisite network to prevent this and it has been working flawlessly for a year.
I’m thinking about forking off and releasing my version of this plugin on to WordPress.org so that people can use it on multisite, without sending limits, and without their annoying sending service spam.
-
This reply was modified 4 years, 3 months ago by
rojokuze.
@rojokuze are you considering releasing the fix for this? There support confirmed with me that this is still an issue.
Wait, you guys are sharing the same wordpress install between totally different clients using multisite??
Why? In this way if one of your clients get hacked/exploited, all your network get compromised! All for what, saving $5 in hosting fees?
Each client website should have a separate database and be in a separate directory.
What if your users install some plugin that dump the whole mysql database?
Multisite is designed for websites managed by the exact same team of people
@magneticdud
Subsite admins can’t install their own plugins on multisite so all multisite networks are already managed by the same team of users.
@claytonchase
I don’t plan on releasing one at this time.
