Custom Fields
Re-Envisioned
Support MB User Profile Big security issue … Reply To: Big security issue …

#14156

Virgile Bedin
Participant

security is hard to guarantee, specially on wordpress’s front end… the main rule to have in mind would be “never trust data coming from the front end”.

about, resolving the issue, do you think that if i compare $config[‘user_id’] with wp_get_current_user() ‘ s ID inside your “rwmb_profile_validate” filter and return false if they don’t match would do the trick ?