Make WordPress Core

Opened 5 years ago

Closed 5 years ago

Last modified 5 years ago

#48856 closed defect (bug) (invalid)

Administration Email Verification allows users to update main admin email address

Reported by: bublitzcreative's profile bublitzcreative Owned by:
Milestone: Priority: normal
Severity: normal Version: 5.3
Component: Users Keywords: close
Focuses: administration Cc:

Description

Some of my users have admin roles. When one of them got their first "Administration Email Verification" email, they were able to use the link to change MY email address.

Attachments (1)

admin-email.jpg (144.5 KB) - added by bublitzcreative 5 years ago.
Shows you how a user was able to change my email address

Download all attachments as: .zip

Change History (4)

@bublitzcreative
5 years ago

Shows you how a user was able to change my email address

#1 @knutsp
5 years ago

  • Keywords close added

Hello @bublitzcreative

Welcome to Trac and thanks for the ticket!

Beware that any administrator can do and change anything, including edit other users of any role. This has nothing to do with "Administration Email Verification", which is just a warning pointing to the site email set in General Options - not linked to any user.

If those capabilites are undesired - do not appoint them Administrators. If you want more fine grained roles and capabilities, there are plugins for that.

#2 @johnbillion
5 years ago

  • Milestone Awaiting Review deleted
  • Resolution set to invalid
  • Status changed from new to closed

#3 @SergeyBiryukov
5 years ago

  • Component changed from Administration to Users
  • Focuses administration added
  • Severity changed from major to normal
Note: See TracTickets for help on using tickets.