Posts page still accessible

  • Hello @miteshsolanki

    Please note that a fully restricted admin user, still has access to the Posts Page.
    /wp-admin/edit.php?post_type=post

    Plugin version 1.1.0

    Thanks!

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Contributor Mitesh Solanki

    (@miteshsolanki)

    Ok, let me check.

    Plugin Contributor Mitesh Solanki

    (@miteshsolanki)

    @tanohex I have fixed that.

    Thread Starter Tano

    (@tanohex)

    @miteshsolanki Thanks for the fix, however I’ve found an issue.
    You will still be able to access the Posts Page, if you manipulate the URL, like this:

    /wp-admin/edit.php?.post_type=post
/wp-admin/edit.php?_post_type=post
/wp-admin/edit.php?/post_type=post
/wp-admin/edit.php/?/post_type=post

    Also, other sections ca be manipulated too, like:

    /wp-admin/post-new.php?_post_type=page
/wp-admin/post-new.php?/post_type=project

    Note the . _ / added to the string ?.
    Happens with almost all URLs that have the format:
    /wp-admin/something.php?somethingelse

    We can count this as a big issue.

    Thanks!

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘Posts page still accessible’ is closed to new replies.