Description
A user changing their email after signing up and verifying it can change it without verification in profile settings. The configuration option "verify_email_enabled" will only validate email only on sign up.
Remediation
References
Related Vulnerabilities
WordPress Plugin MC4WP:Mailchimp for WordPress Cross-Site Scripting (4.1.6)
WordPress Plugin Easy Custom Sidebars Unspecified Vulnerability (1.0.1)
WordPress Plugin WP Social Bookmarking Light Cross-Site Scripting (1.7.9)
WordPress Plugin Spam protection, AntiSpam, FireWall by CleanTalk Cross-Site Scripting (5.113)