Editor given edit user role can promote self to Admin
When a user with Editor role is given the additional capability of edit users– maybe by using a plugin (like Role Manager, the Editor becomes capable of promoting himself to the role of Administrator. This problem was discussed extensively here, and the need for it to be corrected (in the core?) agreed upon.
Anyone know where we stand on this?
- The topic ‘Editor given edit user role can promote self to Admin’ is closed to new replies.