[Plugin: User Role Editor] Editor can Edit Admin!!
Thanks for version 2, but still there is a security hole:
I gave Editor ability to see & edit users
When I edit user, this is the url:
If I change the user_id from 20 to 1 (the admin id) I can edit the admin user level and set it to editor and below.
- The topic ‘[Plugin: User Role Editor] Editor can Edit Admin!!’ is closed to new replies.