• Resolved Julio Potier



    Your plugin makes life easy for hackers because you do not use security nonce tokens.
    Also, the plugin sends you an email each time the plugin option page is visited, without user agreement; this is spam and forbidden.

    Read the codex to learn how to add nonces to your form/ajax.
    Btw, all websites do not start with ‘http://www.’; check the “parse_url()” PHP function.
    Also, check the $wpdb->update() function.
    Last, what if JS is not activated, like on screen readers for blind people?

    See you!
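
As an added example (not part of the original post and not the plugin's own code), this is one way a username-change form can carry a nonce, verify it server-side, and write through `$wpdb->update()` as a plain POST that needs no JavaScript. The `auc_` names, the form field and the `page=auc` slug are hypothetical.

```php
<?php
// Added example: every auc_* name is hypothetical, not taken from the plugin.

// Render the form on the options page. A plain POST works without JavaScript.
function auc_render_form() {
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <input type="hidden" name="action" value="auc_change_username">
        <?php wp_nonce_field( 'auc_change_username', 'auc_nonce' ); // per-user, per-action token ?>
        <input type="text" name="auc_new_login" required>
        <?php submit_button( 'Change username' ); ?>
    </form>
    <?php
}

add_action( 'admin_post_auc_change_username', 'auc_handle_change' );

function auc_handle_change() {
    global $wpdb;

    // Authorisation: a nonce only proves intent, not privilege.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Not allowed.', '', array( 'response' => 403 ) );
    }
    // CSRF check: stops the request if the nonce is missing or invalid.
    check_admin_referer( 'auc_change_username', 'auc_nonce' );

    $new_login = isset( $_POST['auc_new_login'] )
        ? sanitize_user( wp_unslash( $_POST['auc_new_login'] ), true )
        : '';
    if ( '' === $new_login || username_exists( $new_login ) ) {
        wp_die( 'Invalid or already used username.', '', array( 'response' => 400 ) );
    }

    // $wpdb->update() escapes values itself; the formats pin the column types.
    $wpdb->update(
        $wpdb->users,
        array( 'user_login' => $new_login ),
        array( 'ID' => get_current_user_id() ),
        array( '%s' ),
        array( '%d' )
    );
    clean_user_cache( get_current_user_id() );

    wp_safe_redirect( admin_url( 'options-general.php?page=auc' ) );
    exit;
}
```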


Viewing 10 replies - 1 through 10 (of 10 total)
  • The topic ‘[Plugin: Admin username changer] Security issue’ is closed to new replies.