Posted 8 months ago #
Hi!
I have just noticed that a single user with suscriber level can see multimedia pannel when he logs in my blog. Although he has the option to delete the images, when tryes the file is not erased, buy however, he can upload files. I thought the first level with this right is author.
I have tried to deactivate all the pluggins but the problem still is there.
Any idea?
Thank you
Have you tried:
- switching to the Twenty Eleven theme to rule out any theme-specific problems.
- resetting the plugins folder by FTP or PhpMyAdmin. Sometimes, an apparently inactive plugin can still cause problems.
- re-uploading the wp-admin and wp-includes folders from a fresh download of WordPress.
- re-uploading all files & folders - except the wp-content folder - from a fresh download of WordPress.
Posted 8 months ago #
I am going to do it right now.
I would like to know it it happens to anybody else, or if it is only happening to me.
Thank you.
Posted 8 months ago #
Still there.
Look, this is how it is seen.
http://img840.imageshack.us/img840/2152/multimedia.jpg
The screenshot you provided isn't much help. Whatever this is, it is specific to your site. Have you tried logging in as a new subscriber? Can you also upload media files as a subscriber?
Posted 8 months ago #
Yes, this is what you see in my blog when you register as a normal user (suscriber). There are 2 choices available. First is the multimedia library. You can see the pictures and the delete option is enabled, although I have tried to delete a picture and it doesn't work (any message but the picure is still there).
But uploading images works. I don't want any user having this right.
That's not standard or correct. My gut instinct here is that you may have been hacked at some point. It certainly would not hurt to assume so and to go through all of the relevant clean-up steps:
http://codex.wordpress.org/FAQ_My_site_was_hacked
http://wordpress.org/support/topic/268083#post-1065779
http://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/
http://ottopress.com/2009/hacked-wordpress-backdoors/
Posted 8 months ago #
I have made a fresh install and changed plugins with an emty folder. I don't think my blog is hacked.
Anyway I will review indetail the information you sent me.
I have decided to fix the problem on my own.
File wp-admin/menu.php
[Code moderated]
Fixed!
Never modify core files.
You must log in to post.
