I just logged in to one of our sites under different account levels (editor, author, contributor) to test security, and noticed that this plugin is still accessible to “contributors” (I haven’t tried the lowest account level of “subscriber” yet, hopefully it’s not accessible to them too). It’s not a big problem, but a “contributor” doesn’t even have access to the media folder in the back-end, therefore I don’t think that they should be allowed access to this plugin either (this was the only plugin, except one other plugin, which allowed access to contributors).
Hoping this feedback helps and that this bug? / potential security issue? can be plugged soon (I love this plugin btw). Thanks for all your work on this great plugin,
PS: We are using the latest version of WordTube, v 2.4.0)
- The topic ‘[Plugin: wordTube] Possible Bug or security issue? – access is allowed to contributors’ is closed to new replies.