#48856 closed defect (bug) (invalid)
Administration Email Verification allows users to update main admin email address
Reported by: | bublitzcreative | Owned by: | |
---|---|---|---|
Milestone: | Priority: | normal | |
Severity: | normal | Version: | 5.3 |
Component: | Users | Keywords: | close |
Focuses: | administration | Cc: |
Description
Some of my users have admin roles. When one of them got their first "Administration Email Verification" email, they were able to use the link to change MY email address.
Attachments (1)
Change History (4)
#1
@
5 years ago
- Keywords close added
Hello @bublitzcreative
Welcome to Trac and thanks for the ticket!
Beware that any administrator can do and change anything, including edit other users of any role. This has nothing to do with "Administration Email Verification", which is just a warning pointing to the site email set in General Options - not linked to any user.
If those capabilites are undesired - do not appoint them Administrators. If you want more fine grained roles and capabilities, there are plugins for that.
Note: See
TracTickets for help on using
tickets.
Shows you how a user was able to change my email address