WordPress.org

Ready to get started?Download WordPress

Forums

Simple History
[resolved] Wrong capability for settings menu (3 posts)

  1. Hassan
    Member
    Posted 1 year ago #

    Hello,

    I noticed this plugins requires the capability edit_pages for access to its settings page. Is there any reason for this? Otherwise, all settings/options pages should require the capability manage_options because that's what this capability is there for.

    Currently, non-admin users can easily mess with the plugin's settings because they have the edit_pages capability. I think you might need to address this.

    http://wordpress.org/extend/plugins/simple-history/

  2. Pär Thernström
    Member
    Plugin Author

    Posted 1 year ago #

    thanks for finding and reporting this! i just updated the plugin to fix this.

  3. Hassan
    Member
    Posted 12 months ago #

    Hey, Pär. I just noticed that the History page under the Dashboard menu is also requiring the capability edit_pages. I suggest you change it as well; browsing the history and seeing who did what should be a task of admins only.

Topic Closed

This topic has been closed to new replies.

About this Plugin

About this Topic