Type of bug

Exploit

/ess version output

[12:24:27 INFO]: Server version: 1.16.5-R0.1-SNAPSHOT git-Purpur-967 (MC: 1.16.5)
[12:24:27 INFO]: EssentialsX version: 2.19.0-dev+101-0668e4c
[12:24:27 INFO]: LuckPerms version: 5.2.76
[12:24:27 INFO]: Vault version: 1.7.3-b131
[12:24:27 INFO]: EssentialsXChat version: 2.19.0-dev+101-0668e4c
[12:24:27 INFO]: EssentialsXSpawn version: 2.19.0-dev+101-0668e4c
[12:24:27 INFO]: Fetching version information...
[12:24:27 INFO]: You're 3 EssentialsX dev build(s) out of date!
[12:24:27 INFO]: Download it here: https://essentialsx.net/downloads.html

Server startup log

https://paste.gg/p/anonymous/4ace0eb27e7841e98e712e779d08b4b1

EssentialsX config files

//

Error log (if applicable)

No response

Bug description

When a staff member is vanished using essentials /ev or supervanish /sv, regular players can "test" if they are online by using /pay. If they are online but vanished the transaction goes through and reveals their presence.

Steps to reproduce

1. Have two players online
2. Have one player vanish
3. Have the other player (without vanish/see vanished player permissions) /pay 10
4. The vanished player receives the money and the sender gets a notification saying "$10 has been sent to <vanished player's name>

Expected behaviour

The sender should not be able to send money to vanished players. The correct message should be "You cannot pay offline users"

Actual behaviour

The transaction goes through even when the recipient is vanished, alerting the sender that the staff member is online but vanished