Support » Plugin: Post By Email » Settings page and credentials are accessible by all the authors

  • Hello,

    This is a wonderful alternative for JetPack’s post by email. I am glad that it could also support custom post types by a simple function.

    I think I found a small problem which could cause serious issues on multi-author blogs. The Post-By-Email settings page is available for all the users (I mean authors) in a blog (not just multisite; also in single-site installations).

    If the blog/site has multiple authors, an author could see the admin’s email settings and can grab all the email credentials including the password of the admin’s email.

    The page can be restricted by changing the menu permissions. But it could be helpful if there is an option to make the settings page accessible and set permissions per user.

    Thanks!

    http://wordpress.org/plugins/post-by-email/

Viewing 4 replies - 1 through 4 (of 4 total)
  • Update: The settings page is available for not just the authors, also for subscribers 🙂

    Hello Kat,

    Any update about this? Availability of the settings which reveal the sensitive login credentials of the mail server could be a serious issue.

    Plugin Author Kat Hagan

    (@codebykat)

    Hi,

    Thanks for checking in on this. This was a bug (the dashboard panel was set to the “read” capability instead of “manage_options”) and has been fixed in the upcoming version of the plugin, slated for release in the next few weeks.

    Then, I hope that works on Multisite installations allowing sub-site admins to use it with no issues.

    By the way, how about supporting multi-authors (not multisite specific) to configure the “Post By Email”? (I mean author/profile specific)

  • The topic ‘Settings page and credentials are accessible by all the authors’ is closed to new replies.
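
The capability mix-up described in the plugin author's reply, shown as an added example that is not code from the Post By Email plugin or from anyone in this thread: the settings page registered with “read” next to the “manage_options” form, with the same check repeated in the render and save handlers. All `pbe_example_*` names, the `pbe-example` slug and the option key are hypothetical.

```php
<?php
// Added example: hypothetical plugin code, not Post By Email's own source.
// Every pbe_example_* name and the option key are assumptions.
add_action( 'admin_menu', 'pbe_example_menu' );
add_action( 'admin_post_pbe_example_save', 'pbe_example_save' );

function pbe_example_menu() {
    // Weak form from the thread: on a default install every role, subscribers included, has 'read'.
    // add_options_page( 'Post By Email', 'Post By Email', 'read', 'pbe-example', 'pbe_example_page' );
    // Corrected form: only users with 'manage_options' can reach the page.
    add_options_page( 'Post By Email', 'Post By Email', 'manage_options', 'pbe-example', 'pbe_example_page' );
}

function pbe_example_require_admin() {
    // Repeat the check in every handler; the menu capability only guards the page itself.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( esc_html__( 'You are not allowed to manage these settings.' ), '', array( 'response' => 403 ) );
    }
}

function pbe_example_page() {
    pbe_example_require_admin();
    $opts  = get_option( 'pbe_example_options', array() );
    $login = isset( $opts['login'] ) ? $opts['login'] : '';
    ?>
    <div class="wrap"><form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <input type="hidden" name="action" value="pbe_example_save">
        <?php wp_nonce_field( 'pbe_example_save' ); ?>
        <input type="text" name="login" value="<?php echo esc_attr( $login ); ?>">
        <!-- The stored password is never written back into the HTML. -->
        <input type="password" name="password" value="" autocomplete="new-password">
        <?php submit_button(); ?>
    </form></div>
    <?php
}

function pbe_example_save() {
    pbe_example_require_admin();
    check_admin_referer( 'pbe_example_save' ); // rejects requests without a valid nonce
    $opts          = get_option( 'pbe_example_options', array() );
    $opts['login'] = isset( $_POST['login'] ) ? sanitize_text_field( wp_unslash( $_POST['login'] ) ) : '';
    if ( ! empty( $_POST['password'] ) ) {
        $opts['password'] = wp_unslash( $_POST['password'] ); // blank field keeps the stored value
    }
    update_option( 'pbe_example_options', $opts );
    wp_safe_redirect( admin_url( 'options-general.php?page=pbe-example' ) );
    exit;
}
```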