Replies: 0
Hi everyone,
Had a weird scenario reported recently.
We’re running the latest versions of WooCommerce & WordPress.
User A – Has had a WordPress account since April 2019 following them placing an order. I assume they created the account during checkout. Their account is created with the Customer user role, as expected.
User B – Placed an order Jan 2021. They checked out as a guest and never created an account.
In the last few weeks, User B attempted to reset the password on their WordPress account they don’t actually have (they checked out as a guest) using the using forgotten password process on the front end of the website. At this point, they get an email with user A’s username. They get logged in and it’s User A’s account. They email in a panic (fair enough) as they are wondering why they are seeing user A’s username etc.
Any thoughts how on earth User B’s email address would end up on User A’s WordPress account, or where to start diagnosing this? Bear in mind User B never actually had a WordPress account. They only had an order.
Ideally you’d look at the last updated on/by date on the user account of User A for some clues, but from what I can see WordPress doesn’t record this data.
I’m reasonably sure this isn’t a hack scenario, as both users are genuine customers. It feels more like a bug or sync issue.
We use MC4WP which syncs users with Mailchimp… could be something there. Or maybe caching?
Thanks