Bug #94287 user must reset password as password_expired='Y'
Submitted: 12 Feb 2019 9:47 Modified: 13 Feb 2019 11:48
Reporter: Yalimy Alex
Status: Not a Bug
Category: MySQL Server: Security: Privileges
Severity: S4 (Feature request)
Version: 5.7.21-log MySQL Community Server (GPL)
OS: CentOS (Linux localhost.localdomain 3.10.0-693.el7.x86_64 #1 SMP Tue Aug 22 21:09:27 UTC 2017 x86_64 x86_64 )
Assigned to:
CPU Architecture: x86
Tags: password expired

[12 Feb 2019 9:47] Yalimy Alex
Description:
I create an event: 
CREATE DEFINER=`root`@`localhost` EVENT `update_user_password` ON SCHEDULE AT current_timestamp + interval 1 minute DO 
update mysql.user set password_expired='Y' where user='test';
update test.users set id=id+1 where username='bar';|

After one minute:
1. Using a single MySQL server: user 'test' must reset his password after a successful login.

2. Using the master-slave module: user 'test' could log in successfully without needing to reset the password. At the same time, the password_expired column of mysql.user is "Y".

How to repeat:
The following is the SQL execution result using the master-slave module:

Server version: 5.7.21-log MySQL Community Server (GPL)

Copyright (c) 2000, 2018, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

[test@localhost (none)] >show grants;
+---------------------------------------------------+
| Grants for test@localhost                         |
+---------------------------------------------------+
| GRANT ALL PRIVILEGES ON *.* TO 'test'@'localhost' |
+---------------------------------------------------+
1 row in set (0.00 sec)

[test@localhost (none)] >select user,password_expired from mysql.user;
+---------------+------------------+
| user          | password_expired |
+---------------+------------------+
| root          | N                |
| mysql.session | N                |
| mysql.sys     | N                |
| root          | N                |
| ssl_user      | N                |
| test          | Y                |
+---------------+------------------+
6 rows in set (0.00 sec)

[test@localhost (none)] >select current_user();
+----------------+
| current_user() |
+----------------+
| test@localhost |
+----------------+
1 row in set (0.00 sec)

[test@localhost (none)] >use test;
Database changed
[test@localhost test] >show grants;
+---------------------------------------------------+
| Grants for test@localhost                         |
+---------------------------------------------------+
| GRANT ALL PRIVILEGES ON *.* TO 'test'@'localhost' |
+---------------------------------------------------+
1 row in set (0.00 sec)

[test@localhost test] >
[test@localhost test] >
[test@localhost test] >
[test@localhost test] >
[test@localhost test] >select * from users;
+----+----------+----------------------------------+----------------+-------+------------+--------------------+
| id | username | password                         | email          | flags | cas_column | expire_time_column |
+----+----------+----------------------------------+----------------+-------+------------+--------------------+
|  1 | foo      | ffffffffffffffffffffffffffffffff | foo@domain.com |     0 |          0 |                  0 |
|  4 | bar      | bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb | bar@domain.com |     0 |          0 |                  0 |
+----+----------+----------------------------------+----------------+-------+------------+--------------------+
2 rows in set (0.00 sec)

[test@localhost test] >\q

[13 Feb 2019 11:48] MySQL Verification Team
Thank you for taking the time to write to us, but this is not a bug. Please double-check the documentation available at https://dev.mysql.com/doc/mysql-security-excerpt/5.7/en/privilege-changes.html

Quoting the manual: "If you modify the grant tables directly using statements such as INSERT, UPDATE, or DELETE (which is not recommended), your changes have no effect on privilege checking until you either restart the server or tell it to reload the tables. If you change the grant tables directly but forget to reload them, your changes have no effect until you restart the server. This may leave you wondering why your changes seem to make no difference!"

Thanks,
Umesh
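
Added example, not part of the original report or the reply: two ways to expire the password of 'test'@'localhost' so that the change is actually enforced, followed by the scheduled event rewritten to use the account-management statement. The account and table names come from the report; the event name expire_test_password is hypothetical.

```sql
-- Option 1 (preferred): account-management statement.
-- The server reloads its in-memory grant tables immediately, so the expiry
-- is enforced on the account's next connection without any FLUSH.
ALTER USER 'test'@'localhost' PASSWORD EXPIRE;

-- Option 2: direct grant-table UPDATE (not recommended by the manual).
-- The row changes on disk, but privilege checking keeps using the cached
-- copy until the tables are reloaded, hence the explicit FLUSH PRIVILEGES.
UPDATE mysql.user
   SET password_expired = 'Y'
 WHERE user = 'test' AND host = 'localhost';
FLUSH PRIVILEGES;

-- The event from the report, rewritten with Option 1.
-- BEGIN ... END is required for a multi-statement event body, and the
-- client delimiter is switched so the inner semicolons are not sent early.
DELIMITER |
CREATE DEFINER=`root`@`localhost` EVENT `expire_test_password`  -- hypothetical name
  ON SCHEDULE AT CURRENT_TIMESTAMP + INTERVAL 1 MINUTE
  DO
  BEGIN
    ALTER USER 'test'@'localhost' PASSWORD EXPIRE;
    UPDATE test.users SET id = id + 1 WHERE username = 'bar';
  END|
DELIMITER ;

-- Check: the stored flag should read 'Y' for the intended account only.
SELECT user, host, password_expired
  FROM mysql.user
 WHERE user = 'test';
```

The SELECT only shows the on-disk flag, which is exactly what was misleading in the report; to confirm enforcement, open a new connection as 'test' and check that ordinary statements are refused until the password is reset.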