[Plugin: Shortcode Manager] Suggest increasing edit_pages to update_core
-
Hola Matt,
Thanks for sharing this plugin.
You filter the menu item based on the permission edit_pages. In my opinion, that is too low a permission. This means anyone with editor level permissions can run any PHP, javascript or other code almost anywhere on the site. That’s a *massive* security risk. In my opinion, this should be restricted to only the highest level admin on the blog.
I recommend instead of using edit_pages you use update_core. This requires only a single change of edit_pages to update_core on line 76 of index.php.
Love & joy – Callum.
Viewing 2 replies - 1 through 2 (of 2 total)
Viewing 2 replies - 1 through 2 (of 2 total)
- The topic ‘[Plugin: Shortcode Manager] Suggest increasing edit_pages to update_core’ is closed to new replies.