• Hello team,

    I’ve encountered a serious security issue: After a customer clicks on the button for “manage account” or “cancel booking” in a mail, she/he gets automatically logged in to an admin’s account and therefore is able to manage the whole WordPress backend.

    Do you know how to fix this issue?

    Thanks in advance!

Viewing 4 replies - 1 through 4 (of 4 total)
  • I needed to create a separate account without admin privileges to solve this.

    Thread Starter fuxteufelsweb

    (@fuxteufelsweb)

    @jles77 Thank you for your reply! How do you mean “create a separate account”? Is this all I have to do? Just create this account and that’s it? Do I have to do something special with this additional account?

    Thanks in advance for your response!

    You use this account to manage all the bookings, not your admin account.
    You will also need to download a ‘roles’ plugin and give the new account specific salon privileges to manage the bookings.

    I used the plugin called User Role Editor
    https://www.role-editor.com/

    and assigned Salon_staff to the user

  • The topic ‘Critical security issue’ is closed to new replies.