The cache maintenance is admin-only, but the links on the pages/posts list are shown to every editor. Since the link points to the admin page which needs capability manage_options – this functionality is limited to admin. (I think this is a major design flaw and therefore I’m working on a patch for that as well, but this one is just to make the plugin consistent)
Before outputting the link to clear the cache of that page a check should be done.
PATCH AVAILABLE: http://bit.ly/YlXchr
- The topic ‘Incorrect Capability checks (PATCH AVAILABLE)’ is closed to new replies.