Overall, good job, good plugin.
One (possibly big) issue though. If an existing user goes to edit their information and they change their email address to something else there is no check in place to make sure that the newly entered email address isn’t already in the database.
So, theoretically, if a user knew the email address of a site admin could they not gain admin access by changing the email associated with their account to one that is used by an admin?
- The topic ‘no check against DB for existing email address when updating’ is closed to new replies.