Make WordPress Core

Opened 7 months ago

Closed 7 months ago

Last modified 7 months ago

#48856 closed defect (bug) (invalid)

Administration Email Verification allows users to update main admin email address

Reported by: bublitzcreative Owned by:
Milestone: Priority: normal
Severity: normal Version: 5.3
Component: Users Keywords: close
Focuses: administration Cc:


Some of my users have admin roles. When one of them got their first "Administration Email Verification" email, they were able to use the link to change MY email address.

Attachments (1)

admin-email.jpg (144.5 KB) - added by bublitzcreative 7 months ago.
Shows you how a user was able to change my email address

Download all attachments as: .zip

Change History (4)

7 months ago

Shows you how a user was able to change my email address

#1 @knutsp
7 months ago

  • Keywords close added

Hello @bublitzcreative

Welcome to Trac and thanks for the ticket!

Beware that any administrator can do and change anything, including edit other users of any role. This has nothing to do with "Administration Email Verification", which is just a warning pointing to the site email set in General Options - not linked to any user.

If those capabilites are undesired - do not appoint them Administrators. If you want more fine grained roles and capabilities, there are plugins for that.

#2 @johnbillion
7 months ago

  • Milestone Awaiting Review deleted
  • Resolution set to invalid
  • Status changed from new to closed

#3 @SergeyBiryukov
7 months ago

  • Component changed from Administration to Users
  • Focuses administration added
  • Severity changed from major to normal
Note: See TracTickets for help on using tickets.