Support » Plugin: Admin Menu Editor » Horrendous security flaw

  • Hi

    Are you aware that when used with Woocommerce and Woocommerce Subscriptions the subscribers can see the entire backend of wordpress with ALL access to subscriptions lists, woocommerce payments, all user accouts etc etc?

    Pretty big flaw dont you think?

    The page I need help with: [log in to see the link]

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Author Janis Elsts

    (@whiteshadow)

    Thank you for the report. Does this affect the free version or the Pro version? If it’s an issue with the Pro version, it’s unfortunately against wordpress.org forum rules to use the forum to provide support for paid plugins. Please use the contact form instead (and make sure someone hasn’t accidentally enabled some admin-only menus for the subscriber role).

    On the other hand, if this is happening with the free version, could you please provide some more details to help figure out what’s causing the issue?

    • Did this start happening immediately after installing the plugin, or after changing some settings? If it’s the latter, what settings were changed?
    • Does loading the default menu make any difference?
    • If you deactivate AME, do subscriber permissions go back to normal while the plugin is inactive?

    Hi Janis
    Its the Pro version but we actually inherited the half built platform and we finished it inhouse so we dont have support for the pro version, the original developers implemented it. We will or coarse buy our own licience.

    Deactivating AME doesnt reset the permissions.

    Plugin Author Janis Elsts

    (@whiteshadow)

    This applies to both the free version and the Pro version: If deactivating AME doesn’t change anything then the problem is probably not related to this plugin. All of the changes that this plugin makes to the admin menu and role permissions only stay in effect while the plugin is active. It doesn’t make any permanent modifications.

    If you need help with the Pro version, please use the contact form.

Viewing 3 replies - 1 through 3 (of 3 total)
  • You must be logged in to reply to this topic.