Your plugin makes life easy for hackers because you do not use security nonce tokens.
Also, the plugin sends you an email each time the plugin option page is visited, without user agreement; this is spam and forbidden.
Read the codex to learn how to add nonces to your form/ajax.
Btw, all websites do not start with ‘http://www.’, check the “parse_url()” PHP function.
Also, check $wpdb->update() function.
Last, what if JS is not activated, like on screen readers for blind people?
See you!
- The topic ‘[Plugin: Admin username changer] Security issue’ is closed to new replies.
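
An added example, not part of the original post and not the plugin's own code, showing the nonce and `$wpdb->update()` points from the post in one form handler that works without JavaScript. The `auc_*` function names, the field and action names, and the choice to rename the currently logged-in user are assumptions made for illustration.

```php
<?php
// Added example with hypothetical auc_* names; not the plugin's own code.

// Render the form with a nonce bound to one specific action.
function auc_render_form() {
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <input type="hidden" name="action" value="auc_change_username">
        <?php wp_nonce_field( 'auc_change_username', 'auc_nonce' ); ?>
        <input type="text" name="auc_new_login" required>
        <?php submit_button( 'Change username' ); ?>
    </form>
    <?php
}

// Plain POST handler through admin-post.php, so no JavaScript is needed.
add_action( 'admin_post_auc_change_username', 'auc_handle_submit' );

function auc_handle_submit() {
    global $wpdb;

    // Capability check first: a valid nonce alone does not prove authorization.
    if ( ! current_user_can( 'edit_users' ) ) {
        wp_die( 'Insufficient permissions.', '', array( 'response' => 403 ) );
    }

    // Stops the request if the nonce is missing, expired or forged (CSRF).
    check_admin_referer( 'auc_change_username', 'auc_nonce' );

    $new_login = sanitize_user( wp_unslash( $_POST['auc_new_login'] ?? '' ), true );
    if ( '' === $new_login || username_exists( $new_login ) ) {
        wp_die( 'Invalid or already used username.', '', array( 'response' => 400 ) );
    }

    // $wpdb->update() escapes values itself; the formats pin the column types.
    $wpdb->update(
        $wpdb->users,
        array( 'user_login' => $new_login ),
        array( 'ID' => get_current_user_id() ),
        array( '%s' ),
        array( '%d' )
    );
    clean_user_cache( get_current_user_id() );

    wp_safe_redirect( admin_url( 'users.php' ) );
    exit;
}
```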