I had Dean at ecomwebstore.com built a custom mod in March 0f 2016 to be able to edit products on the fly. It is supposed to show a "Edit Product" button (if you are logged into the admin) so that you can easily edit products. It has been working great - until today - now this button shows up and you can edit any product and you do not have to be logged in. As soon as you click the "Edit Product" button you are taken into the admin, no login necessary.

Obviously this is creating a huge security issue.

I've sent the contact form at ecomwebstore.com -- but does anyone know how to get in touch with Dean quickly? Or has anyone had this issue and found a solution. It was a custom mod in 2016, but they are now selling it on their website.

Thanks!

If it let you in the admin, without logging in, are you certain you weren't already logged in?
Perhaps try with a browser you never use to see what's happening.
I would be surprised if it let a customer into your admin without logging in.

In the end, if it's not working, you will want to remove it, or get Dean to address the issue.

David

I've tried with incognito browsers - I've tried 3 different browsers - all let me in. The client notified me because one of their customers contacted them to alter them about it - they definitely were not logged in.

I would take the code down from the proddetail page.
Hopefully it's commented so you know what to remove.

Thanks
David

I did take down the code. Now I'm trying to get in touch with Dean. He answered me once yesterday and just said maybe I'm still logged in somehow. I emailed him back to explain, but still haven't heard back from him. I wish there was a phone number to call for support. Does anyone know where he is located - I'm wondering if it's a time zone difference. I am in US Central Time.

Thanks,

I'm pretty sure he has a store that sells Texas items..
At least you were able to remove the code...

Thanks,
David