I noticed this plugins requires the capability edit_pages for access to its settings page. Is there any reason for this? Otherwise, all settings/options pages should require the capability manage_options because that’s what this capability is there for.
Currently, non-admin users can easily mess with the plugin’s settings because they have the edit_pages capability. I think you might need to address this.
Hey, Pär. I just noticed that the History page under the Dashboard menu is also requiring the capability edit_pages. I suggest you change it as well; browsing the history and seeing who did what should be a task of admins only.
Viewing 2 replies - 1 through 2 (of 2 total)
The topic ‘Wrong capability for settings menu’ is closed to new replies.