WordPress.org


uCan Post
Do not run the plugin! Security issue! (2 posts)

  1. ninetienne
    Member
    Posted 2 years ago #

    The plugin is facing a serious security issue.

    After it's activated, all subscribers have a "Media" tab in their dashboard, allowing them to upload and see all the media files.

    Even if you deactivate and uninstall the plugin, they can still get access to the Media library.

    See more here:

    http://wordpress.org/support/topic/plugin-wp-hide-dashboard-media-tab-still-visible

    No support from the developer though!

    How do you actually hide the Media library from subscribers now?!

    http://wordpress.org/extend/plugins/ucan-post/

  2. cartpauj
    Member
    Plugin Author

    Posted 2 years ago #

    If you do not want users to have access to media, please find lines in the ucan-post-class.php file:

    $role = get_role('contributor');
    $role->add_cap('upload_files');
    $role = get_role('subscriber');
    $role->add_cap('upload_files');
    $role->add_cap('unfiltered_html');

    Change them to this:

    $role = get_role('contributor');
    $role->remove_cap('upload_files');
    $role = get_role('subscriber');
    $role->remove_cap('upload_files');
    $role->remove_cap('unfiltered_html');

    After changing these lines you will need to de-activate and re-activate the plugin before it will take effect.
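
Added example, not part of the original posts and not the plugin's own code: `WP_Role::add_cap()` stores the grant in the site's roles option in the database, which is why the Media access described in the first post survives uninstalling. This one-time script revokes the capabilities named in the thread and lists which roles still hold them. The file name `ucan-cleanup.php`, the function name and running it through WP-CLI's `wp eval-file` are assumptions.

```php
<?php
// Added example (not from uCan Post). Run once: wp eval-file ucan-cleanup.php
// The file name and ucan_cleanup_revoke() are hypothetical names.

// Capabilities the plugin granted, taken from the lines quoted in the thread.
$granted = array(
    'contributor' => array( 'upload_files' ),
    'subscriber'  => array( 'upload_files', 'unfiltered_html' ),
);

// Revoke each listed capability and return a line-by-line report.
// Safe to run repeatedly: caps that are already absent are only reported.
function ucan_cleanup_revoke( array $granted ) {
    $report = array();
    foreach ( $granted as $role_name => $caps ) {
        $role = get_role( $role_name );
        if ( null === $role ) { // role was renamed or deleted on this site
            $report[] = "$role_name: role not found, skipped";
            continue;
        }
        foreach ( $caps as $cap ) {
            if ( $role->has_cap( $cap ) ) {
                $role->remove_cap( $cap ); // persists the change to the database
                $report[] = "$role_name: removed $cap";
            } else {
                $report[] = "$role_name: $cap not present";
            }
        }
    }
    return $report;
}

foreach ( ucan_cleanup_revoke( $granted ) as $line ) {
    echo $line, PHP_EOL;
}

// Audit: show every role that still holds either capability, for review.
// On a default single-site install, editor and administrator are expected here.
foreach ( wp_roles()->role_objects as $role_name => $role ) {
    foreach ( array( 'upload_files', 'unfiltered_html' ) as $cap ) {
        if ( $role->has_cap( $cap ) ) {
            echo "still granted: $role_name has $cap", PHP_EOL;
        }
    }
}
```

If the plugin is still installed with its original `add_cap` lines, activating it again restores the grants, so edit or remove the plugin before running the cleanup.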

This topic has been closed to new replies.