This is a wonderful plugin that opens up great CMS functionalities.
However for my current project I have certain content that is private and not ment to be seen by people outside of a certain group.
It is a project with multiple authors and contributors etc., and today this plugin can be used to mirror content of posts thate are marked private.
The post contributor / editor / author only have to specifiy the correct post ID of a otherwise private post. This is something that can be done by misstakenly specifying a certain post ID, or with mallicious intent using a trial and error approach.
Would it be possible to disable the mirroring functionality only for posts that are marked private?
- The topic ‘[Plugin: Content Mirror] Mirroring private posts, a security issue’ is closed to new replies.