Reply To: Big security issue ...

security is hard to guarantee, specially on wordpress's front end... the main rule to have in mind would be "never trust data coming from the front end".

about, resolving the issue, do you think that if i compare $config['user_id'] with wp_get_current_user() ' s ID inside your "rwmb_profile_validate" filter and return false if they don't match would do the trick ?