- This topic has 4 replies, 2 voices, and was last updated 1 year, 11 months ago by .
I use MB User Profile on one of my sites, which is supposed to be a front-end form for user profile editing, "front end" meaning "wild and dangerous"...
and discovered that you do not verify whether the current user submitting the form has the same ID as in your hidden input 'user_id'.
So if you simply change the value of the hidden input named rwmb_form_config[user_id] to any other ID, it saves the meta values on this other user ID without a blink... that is a big, big one! You should not send this user_id at all and use it to save the form... I could change the password of another user just by changing user_id to his ID...
I am very fond of your plugins and have used them for many years, but I must say, you need to improve your security measures on the front-end ones...
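The flaw described in the post is a classic insecure direct object reference: the server trusts a client-supplied identifier to decide whose record gets written. The following is an added illustration, not code from the MB User Profile plugin or from the poster. Only the field name rwmb_form_config[user_id] is taken from the report; the function names, meta keys and nonce action are assumptions made for the example. It shows a save handler that trusts the hidden input beside one that resolves the target from the authenticated session and checks a per-user capability before saving.

```php
<?php
// Added example, not Meta Box code. The field name rwmb_form_config[user_id]
// comes from the report above; the function names, meta keys and the nonce
// action 'example_save_profile' are hypothetical.

// VULNERABLE: the target user is whatever the client put in the hidden input.
// Any logged-in user can edit that value in the browser and write another
// user's meta, and with wp_update_user() even another user's password.
function insecure_save_profile( array $config, array $fields ) {
    $user_id = absint( $config['user_id'] ); // attacker-controlled

    foreach ( $fields as $key => $value ) {
        update_user_meta( $user_id, sanitize_key( $key ), sanitize_text_field( $value ) );
    }
    if ( ! empty( $fields['user_pass'] ) ) {
        wp_update_user( array( 'ID' => $user_id, 'user_pass' => $fields['user_pass'] ) );
    }
    return $user_id;
}

// HARDENED: the target defaults to the logged-in user. If an explicit target
// is still accepted (an administrator editing someone else's profile), the
// caller must hold the edit_user capability for that exact user. A nonce tied
// to the form action stops the request being forged from another site.
function secure_save_profile( array $config, array $fields ) {
    if ( ! is_user_logged_in() ) {
        wp_die( 'You must be logged in.', '', array( 'response' => 401 ) );
    }
    if ( ! isset( $config['_wpnonce'] )
        || ! wp_verify_nonce( $config['_wpnonce'], 'example_save_profile' ) ) {
        wp_die( 'Invalid request.', '', array( 'response' => 403 ) );
    }

    $current_id = get_current_user_id();
    $target_id  = isset( $config['user_id'] ) ? absint( $config['user_id'] ) : $current_id;

    // The check the report says is missing: the submitted id must be the
    // caller, or the caller must be allowed to edit that specific user.
    if ( $target_id !== $current_id && ! current_user_can( 'edit_user', $target_id ) ) {
        wp_die( 'You are not allowed to edit this user.', '', array( 'response' => 403 ) );
    }

    foreach ( $fields as $key => $value ) {
        update_user_meta( $target_id, sanitize_key( $key ), sanitize_text_field( $value ) );
    }
    if ( ! empty( $fields['user_pass'] ) ) {
        wp_update_user( array( 'ID' => $target_id, 'user_pass' => $fields['user_pass'] ) );
    }
    return $target_id;
}

// Hypothetical entry point wiring the hardened handler to a POST request.
function example_handle_profile_post() {
    if ( empty( $_POST['rwmb_form_config'] ) || ! is_array( $_POST['rwmb_form_config'] ) ) {
        return;
    }
    $config = wp_unslash( $_POST['rwmb_form_config'] );
    $fields = isset( $_POST['fields'] ) && is_array( $_POST['fields'] ) ? wp_unslash( $_POST['fields'] ) : array();
    secure_save_profile( $config, $fields );
}
add_action( 'init', 'example_handle_profile_post' );
```

The key design point is that the hidden input is at most a hint about which profile the caller wants to edit, never the authority for who may be edited; authority comes from the session (get_current_user_id()) and the capability check against that specific target. Dropping the hidden field entirely and always saving to the current user, as the poster suggests, is the simplest safe option when the form is only ever meant for self-service editing. Changing a password in particular should additionally require the current password or a fresh login, which is outside what this example shows.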