Support » Plugin: Shortcode Manager » [Plugin: Shortcode Manager] Suggest increasing edit_pages to update_core

  • Hola Matt,

    Thanks for sharing this plugin.

    You filter the menu item based on the permission edit_pages. In my opinion, that is too low a permission. This means anyone with editor level permissions can run any PHP, javascript or other code almost anywhere on the site. That’s a *massive* security risk. In my opinion, this should be restricted to only the highest level admin on the blog.

    I recommend instead of using edit_pages you use update_core. This requires only a single change of edit_pages to update_core on line 76 of index.php.

    Love & joy – Callum.

    http://wordpress.org/extend/plugins/shortbus/

Viewing 2 replies - 1 through 2 (of 2 total)
Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘[Plugin: Shortcode Manager] Suggest increasing edit_pages to update_core’ is closed to new replies.