I have the login plugin installed. Two users have logged in. Information about the other user is being accessed.
At first I thought that it was the ‘remember me’ option, so I turned it off. The problem persists.
I realise the information being given here is minimal, I can provide more, or send a zip with the whole site.
The two users are on different PCs, just accessing the site simultaneously.
There should be no reason for cross-over as they should be in different sessions.
Is there any possibility this vulnerability is due to the latest release?
I need help to isolate this problem as it is undesirable for one user to be affected by another
I am one plugin in particular one called persistent-data to store information about a user from session to session. This may be the cause of the problem. But the data should not be available unless the user has logged in. Since I wrote the plugin and I don’t know what’s happening, I can’t ask the developer
Also, if it is this plug-in, then naturally I need to know how to fix it to prevent this security breach.
I think there may be some form of caching problem.