WordPress.org

Ready to get started?Download WordPress

Forums

[resolved] [bug] Users have access to admin (2 posts)

  1. GJ-tje
    Member
    Posted 6 years ago #

    I got a message today from a friend of mine.
    He reported that he could enter the admin and (de-)activate plugins! He could do this as a guest (!!) and as a subscriber.

    I had a plugin, Role Manager, so I deactivated this, and he STILL got access to the admin!

    He could go there by direct url (ie: http://domain.tld/wp-admin/plugins.php) or by the URL on the domain itself (ie: http://domain.tld and clicking on Admin and then on plugins)

    I think this is a very hug security issue!
    I suggest to make a better user rights system!

  2. GJ-tje
    Member
    Posted 6 years ago #

    Never mind, suppose it was a setting from within the role manager plugin!

    My apologies!

    Changed status to resolved...

Topic Closed

This topic has been closed to new replies.

About this Topic