multivendor store sechole?

  • Resolved tsaba123

    (@tsaba123)


    5 years ago

    Hi,

    I found a security hole (maybe?) in the WCFM Marketplace.
    You have user in a Store Vendor role.
    Log in to the Store Manager, you will be in: https://example.com/store-manager/
    Change the url in the browser to: https://example.com/wp-admin/
    TADAaaa!
    You are in the WP admin site. Ok, you have less funtcions. But I don’t want Store Vendors to reach the WP admin menu at all.
    Thanks.
    BR,
    Csaba Szilagyi

    • This topic was modified 5 years ago by tsaba123.
Viewing 1 replies (of 1 total)
  • Plugin Author WC Lovers

    (@wclovers)

    Hi,

    Please go to WCFM Capability settings as Admin.

    Set OFF “wp-admin (backend)” option.

    Hence, vendors will not able to access wp-admin area

    Thank You

Viewing 1 replies (of 1 total)
  • The topic ‘multivendor store sechole?’ is closed to new replies.