Issue
The site uses Toolset's password recovery shortcode:
[wpv-forgot-password-form]
When a user submits the form, Toolset returns the generic message: "Unknown error."
No password reset email is sent.
However, the native WordPress password reset works correctly:
/wp-login.php?action=lostpassword
Using the exact same email address the password reset email is generated and delivered successfully, and the user can reset the password without any issue.
This confirms that:
- WordPress password reset is working correctly;
- email delivery is working correctly;
- the problem appears to be specific to Toolset's forgot password form.
As a temporary workaround we've replaced the Toolset shortcode with a custom implementation that redirects users to the native WordPress lost password page. However, we use this functionality across several websites, so applying and maintaining this workaround everywhere would be far from ideal. We'd therefore like to understand whether this is a known issue and if there is a recommended fix or a planned update.
Additionally, we noticed that Toolset Access 2.9.4.2 (and the other Toolset plugins we use) haven't received updates for quite some time. Since our installation reports these as the latest available versions, we'd like to ask whether this is expected.
Are these plugins still actively maintained and fully compatible with current WordPress releases, or should we consider any migration or alternative approach for features such as login and password recovery?
Update:
After opening this ticket, I noticed that new Toolset updates had actually been released recently, although they were not initially visible in our installation.
I have now updated all Toolset plugins to the latest available versions:
- Toolset Types 3.6.2
- Toolset Forms 2.6.25
- Toolset Access 2.9.5
- Toolset Views 3.6.21
- Toolset Layouts 2.6.17
Unfortunately, the issue remains exactly the same. The Toolset "forgot password" form still returns "Unknown error", while the native WordPress password reset page (/wp-login.php?action=lostpassword) continues to work correctly with the same user account.
Could you please advise whether this is a known issue or if there is anything else we should check?
I just try to reproduce this with the sandbox site - you can auto-login to it as admin using the follownig link:
- hidden link
You can add a new user with your email and on another browser (as not logged in user) try to access the my account page:
- hidden link
And try to click on the link "Lost your password?":
- hidden link
Add your email and try to get the password reset link (if you do not see it with your email - you can try email log plugin that is already added):
- hidden link
Check if you able to reproduce the issue and if you can please share the same steps that I should follow.
Hi Minesh,
thank you for your sandbox. I tested it as requested. I created a new user with my email address and, from an incognito browser, completed the password reset flow using the Toolset forgot password form.
In the sandbox, the issue does not occur. The form behaves correctly. I did not actually receive the reset email, but I also did not receive the email when creating the user, so I assume email delivery is disabled or limited in the sandbox.
I investigated the request using the browser developer tools in our production website.
The form submits a normal POST request to: /wp-login.php?action=lostpassword
with the expected parameters (user_login, redirect_to, wpv_forgot_password_form, etc.).
The server does not return any HTTP error (no 403 or 500). Instead, it returns a 302 redirect with the following response header:
X-Redirect-By: Toolset
and redirects to: ?wpv_error=user_login
The native WordPress password reset page (/wp-login.php?action=lostpassword) works correctly with the same user account, so WordPress itself is able to generate and send the password reset email without any issue.
Could you please tell me which condition inside Toolset causes the redirect to ?wpv_error=user_login?
Knowing what triggers that specific error would help us understand why Toolset considers the request failed, while the native WordPress password reset works correctly.
Well - as email delivery will be disabled on sandbox but you can check the email logs:
- hidden link
You need to check by desabling all third-party plugins and default theme and see if you able to reproduce the issue with only Toolset plugins active and if that works then you will have to enable third-party plugins one by one in order to find the culprit plugin.