settings currently open to user-role author

  • Resolved jonny-s

    (@jonny-s)


    3 years, 3 months ago

    Hi,

    I just noticed, that with user-role author, I’m able to access in dashboard settings/WPP → Tools, where I can change some settings of the plugin. This should not be possible for such a basic user-role. Please secure theses settings and the debug-info too, as it contains security-relevant information.

    Thanks.

    • This topic was modified 3 years, 3 months ago by jonny-s.
    • This topic was modified 3 years, 3 months ago by jonny-s.
Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Author Hector Cabrera

    (@hcabrera)

    Hi @jonny-s,

    I just noticed, that with user-role author, I’m able to access in dashboard settings/WPP → Tools, where I can change some settings of the plugin. This should not be possible for such a basic user-role.

    Aside from allowing authors to change a few design related settings (like thumbnail-related options, for example), authors cannot do much more than that. Unless you’re talking about something else?

    … and the debug-info too, as it contains security-relevant information.

    Which info do you deem as “security-relevant” though? The plugin only lists information about PHP & its modules, active plugins, and that’s about it. How would that compromise the security of a website?

    Plugin Author Hector Cabrera

    (@hcabrera)

    Marking as resolved due to inactivity.

    OP please feel free to leave a comment below if you have any further comments / questions / suggestions about this matter.

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘settings currently open to user-role author’ is closed to new replies.