• I noticed this evening that if a user is a subscriber to a blog and an administrator of another on a blog network, then from the admin-able blog they can multipost to the blog they subscribe to and the post actually is saved to that other blog, defeating the entire WordPress capabilities system.

    It needs to check before posting.

Viewing 1 replies (of 1 total)
  • Plugin Author tmuka

    (@tmuka)

    Hi Tom, thanks for the report, I’ve confirmed that this is currently the case since we’re just using the “get_blogs_of_user” function to populate the list for admin users. We’ll add some user permissions checking in a future release.

  • The topic ‘[Plugin: Multipost MU] Security hole’ is closed to new replies.
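
Added example, not part of the thread and not Multipost MU's own code: one way to do the permission check discussed above, by filtering the get_blogs_of_user() result per blog and validating the submitted targets again when the post is saved. The function names and the choice of the 'publish_posts' capability are assumptions made for illustration.

```php
<?php
// Added example. Function names are hypothetical; the plugin's real code is
// not shown in the thread. Runs inside a WordPress multisite install.

/**
 * Blogs the current user may publish to, keyed by blog ID.
 * get_blogs_of_user() returns every blog the user has any role on,
 * subscriber included, so each entry is checked against a capability.
 */
function example_multipost_allowed_targets( $capability = 'publish_posts' ) {
    $allowed    = array();
    $source_id  = (int) get_current_blog_id();

    foreach ( get_blogs_of_user( get_current_user_id() ) as $blog ) {
        $blog_id = (int) $blog->userblog_id;
        if ( $blog_id === $source_id ) {
            continue; // The source blog goes through the normal save path.
        }
        // Evaluates the capability with the user's role on that blog,
        // not the role held on the blog currently being administered.
        if ( current_user_can_for_blog( $blog_id, $capability ) ) {
            $allowed[ $blog_id ] = $blog;
        }
    }
    return $allowed;
}

/**
 * Re-check at save time. The IDs come from the submitted form, so they are
 * validated against the allowed set instead of trusting the rendered list.
 */
function example_multipost_validate_targets( array $requested_blog_ids ) {
    $allowed = example_multipost_allowed_targets();
    $valid   = array();

    foreach ( array_unique( array_map( 'absint', $requested_blog_ids ) ) as $blog_id ) {
        if ( isset( $allowed[ $blog_id ] ) ) {
            $valid[] = $blog_id;
        }
    }
    return $valid; // Only these blogs should receive the copied post.
}
```

The same allowed set drives both the checkbox list and the save handler, so a blog where the user is only a subscriber is neither offered nor accepted.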