Security Issue: "Editor" can access Adminer

Hi Armin.
Can you describe this. The menu was only added for users, there have the rights unfiltered_html, on default a capability only for Admins. The access without the menu item was also checked for this capability.

Can you check your roles, that it not have this applicability? This is easy possible via the plugin Members.

I also just noticed this.

Not sure what you mean by “describe this” in you reply to the original reporter but all you have to do is login as a editor and you will see the link under Tools.

Editors have the unfiltered_html capability as well: https://make.www.ads-software.com/core/handbook/testing/reporting-security-vulnerabilities/#why-are-some-users-allowed-to-post-unfiltered-html

Mayb is a good ide to switch to import, a capability to import data in the database.

Hello there,
I have the opposite problem: I need to give an editor the access to Adminer.
How can I do?
Thanks!