Security issue

  • Resolved seoergoweb

    (@seoergoweb)


    2 years, 3 months ago

    Hi,
    why if I add the ability to create user and edit them to the editor role, this role can create administrator?

    the correct configuration should be that one editor can at most create another editor!

Viewing 5 replies - 1 through 5 (of 5 total)
  • Plugin Support andrewsupport

    (@andrewsupport)

    Hi,

    Could you please specify what plugin version you use?

    Thread Starter seoergoweb

    (@seoergoweb)

    Hi, the last one, 1.6.6

    Plugin Support andrewsupport

    (@andrewsupport)

    Hi,

    There is the feature of the User Role plugin that you can manage existing user role capabilities. And you can provide capabilities of administrator for a role with any name. So if you don’t want that user with the editor role was able to create or edit other users, please don’t provide the editor role with that capability.

    Thread Starter seoergoweb

    (@seoergoweb)

    clear, but it would be logical to think that instead an editor can change the roles to similar or subordinate users, but not make an escalation of privileges so simply. To me it seems like a real bug, you say it’s a feature? Ok

    Plugin Support andrewsupport

    (@andrewsupport)

    Hi,

    We will consider the question that you reported, and if we deem it necessary, we will make the changes to the plugin.

Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘Security issue’ is closed to new replies.