[wp-hackers] Critical WP Flaw?

Rob Miller r at robm.me.uk
Thu Jul 27 11:23:06 GMT 2006


Ryan Boren wrote:
> If you're relying on the cap/level check provided when you register a 
> menu/submenu, that will cover most plugins. 
And just to add that if you combine capped/levelled admin menus with 
nonce checks, you largely avoid any methods of getting your form actions 
to execute for non-privileged users, even if they're in files separate 
to the admin menus.

-- 
Rob Miller
http://robm.me.uk/ | http://kantian.co.uk/
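
The combination discussed in this thread, as an added example that is not part of the original message: a settings page registered with a capability, and a form handler in a separate entry point (`admin-post.php`) that verifies a nonce and re-checks the capability. The plugin name, the `egs_*` functions, the `egs_save` action and the `egs_message` option are hypothetical; the WordPress calls are from the current API.

```php
<?php
/*
 * Plugin Name: Example Guarded Settings (hypothetical, constructed for illustration)
 */

// 1. Menu registration: WordPress only serves this page to users holding 'manage_options'.
add_action('admin_menu', 'egs_register_menu');
function egs_register_menu() {
    add_options_page('Example Settings', 'Example Settings', 'manage_options',
                     'egs-settings', 'egs_render_page');
}

// 2. The form posts to admin-post.php, so its handler runs outside the menu's capability check.
function egs_render_page() {
    ?>
    <div class="wrap">
      <form method="post" action="<?php echo esc_url(admin_url('admin-post.php')); ?>">
        <input type="hidden" name="action" value="egs_save" />
        <?php wp_nonce_field('egs_save', 'egs_nonce'); // nonce bound to this action and user ?>
        <input type="text" name="egs_message"
               value="<?php echo esc_attr(get_option('egs_message', '')); ?>" />
        <input type="submit" class="button-primary" value="Save" />
      </form>
    </div>
    <?php
}

// 3. Handler: hooked for logged-in users only (no admin_post_nopriv_ counterpart).
add_action('admin_post_egs_save', 'egs_handle_save');
function egs_handle_save() {
    // Dies if the nonce is missing, expired, or was issued for another user or action.
    check_admin_referer('egs_save', 'egs_nonce');

    // Repeat the capability check: the menu registration does not guard this entry point.
    if (!current_user_can('manage_options')) {
        wp_die('You do not have permission to change this setting.', '',
               array('response' => 403));
    }

    $message = isset($_POST['egs_message'])
        ? sanitize_text_field(wp_unslash($_POST['egs_message']))
        : '';
    update_option('egs_message', $message);

    wp_safe_redirect(admin_url('options-general.php?page=egs-settings&updated=1'));
    exit;
}
```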


