Access to options set to "add_users" and not to "manage_options"
-
Hi!
I just noticed that permission to access the options menu for the plugin is set to “add_users” in AIOWPSEC_MANAGEMENT_PERMISSION.
I wonder why you did this, but… it has more sense to set it to “manage_options”, because in fact this’s the access to the options menu.
I think this can cause problems on installs where there are some users with capabilities to add users but not to change options. They can change options for your plugin when they have not that capability in their role…
http://wordpress.org/plugins/all-in-one-wp-security-and-firewall/
Viewing 4 replies - 1 through 4 (of 4 total)
Viewing 4 replies - 1 through 4 (of 4 total)
- The topic ‘Access to options set to "add_users" and not to "manage_options"’ is closed to new replies.