Support » Plugin: WP Dashboard Notes » Security issue

  • turpin

    (@turpin)


    This was great and I’ve used it for some time BUT I recently created a photo library where photographers could create accounts and upload pictures and although the wordpress dashboard is hidden from them, WP Dashboard Notes was not and revealed the mosts sensitive data that I had stored including Amazon S3 server logins and paypal account information.

    BEWARE of using this for anything at all sensitive or secure…it’s not.

    It’s not just admins that can see the notes, all users can!!!!

Viewing 1 replies (of 1 total)
  • Plugin Author Jeroen Sormani

    (@sormano)

    Hi @turpin,

    If you’re having any concerns or issues with the plugin, please feel free to create a support thread to get assistance.

    Dashboard notes are stored as a custom post type, but are not publicly accessible in general. It could be your user role for those users did have the needed permissions to view them, even though the dashboard is not available for them.

    Note that no data is encrypted in any way – storing sensitive data like that is strongly advised against doing.

    Cheers,
    Jeroen

Viewing 1 replies (of 1 total)
  • The topic ‘Security issue’ is closed to new replies.