
User Switching
[resolved] Security hole? (6 posts)

  1. mcarballo
    Member
    Posted 3 years ago #

    Firstly thank you for your plugin!
    I tested it and it allows me to solve a problem I had after I upgraded from WPMU 2.9.2 to WP 3.0.1 (Multisite): giving a blog admin the opportunity to edit the user profiles of other users of the blog.
    Your plugin gives me this opportunity and even more ...

    However, it also does something that seems dangerous to me: it allows an admin to switch to the profile of a superadmin if he is declared as a user of the blog!

    Is this normal and wanted? And would you have a solution to prevent it?

    Thank you in advance for your reply

    http://wordpress.org/extend/plugins/user-switching/

  2. John Blackbourn
    Member
    Plugin Author

    Posted 3 years ago #

    Thanks mcarballo, this is something I haven't considered with the new multisite functionality in WP3.0. I'll look into a fix in the next couple of days.

  3. mcarballo
    Member
    Posted 3 years ago #

    Thank you!
    I'm waiting for your fix...

  4. mcarballo
    Member
    Posted 3 years ago #

    What about your fix?

    Maybe this post can help you:

    If you use it, replace the "edit-themes" capability with this one: "manage_options"

    See this post for more information:

    http://wordpress.org/support/topic/capability-manage_options-vs-edit_themes?replies=5

    What do you think about this?

  5. mcarballo
    Member
    Posted 3 years ago #

    No news?

  6. John Blackbourn
    Member
    Plugin Author

    Posted 3 years ago #

    Hey mcarballo, I've just updated the plugin (to 0.3.1) to fix this issue.

    John

Topic Closed

This topic has been closed to new replies.
