Security Vulnerability

  • Resolved loopforever

    (@loopforever)


    4 years, 1 month ago

    Hello,
    I think there may be a security vulnerability in the plugin. I wanted to ask you.
    Login url also appears on links sent to email addresses in various transactions.
    For example,
    I am using Dokan Vendor Staff Manager module. Imagine that your store has a new staff member added. He writes an e-mail address here. Personnel can create their password from the link sent to this e-mail address. So far there is no problem. However, in this link sent to the mail address, the “Login Url” address of the web page is also written. For example,

    User name:XXX
    To set your password, visit:
    https://www.wordpress.com/wp-login/?action=rp&key=R4

    As you can guess here, the wp-login part is “Login Url”. So I can see them in the e-mail address. Of course, so is the staff.

Viewing 2 replies - 1 through 2 (of 2 total)

  • Hello @loopforever,

    Thank you for reaching us out. Dokan uses the default WordPress’s default welcome email template. You can use the plugin like SB Welcome Email Editor to modify the default welcome email template and remove the information you want. Also, if you are looking to modify the template manually then you can check here.

    We will try to improve this in our future release.

    Kind Regards,

    Thread Starter loopforever

    (@loopforever)

    Okay. Thank you. I am going to follow update.

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Security Vulnerability’ is closed to new replies.