[wp-trac] [WordPress Trac] #42967: New admin email change featuer should be rolled back
WordPress Trac
noreply at wordpress.org
Sat Dec 23 07:06:53 UTC 2017
#42967: New admin email change featuer should be rolled back
-----------------------------+------------------------------
Reporter: johndeebdd | Owner:
Type: feature request | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Security | Version: 4.9
Severity: normal | Resolution:
Keywords: | Focuses:
-----------------------------+------------------------------
Comment (by mark-k):
@knutsp even if emails can be sent, the admin might have created a user
for a "guest" author without knowing the email, or have done a mistake
while entering it. Now the user can not change it, which is not optimal.
At least in that case he can contact the admin, but what happens if some
previous admin have create a new admin acount and went for a 3 months
sabatical? How will the new admin correct his faulty email address?
It is not great from security POV, but admin users should probably be able
to change their own email address without verification. (as said above,
they probably can do the change directly in the DB, but why to force
people to do such things?)
--
Ticket URL: <https://core.trac.wordpress.org/ticket/42967#comment:5>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list