[wp-trac] Re: [WordPress Trac] #3410: Security : wp-admin/users.php
No role user can list all wp users
WordPress Trac
wp-trac at lists.automattic.com
Thu Nov 30 10:47:02 GMT 2006
#3410: Security : wp-admin/users.php No role user can list all wp users
------------------------------------------+---------------------------------
Reporter: devil1591 | Owner: westi
Type: defect | Status: assigned
Priority: highest | Milestone: 2.1
Component: Security | Version: 2.1
Severity: critical | Resolution:
Keywords: security users.php has-patch |
------------------------------------------+---------------------------------
Changes (by westi):
* keywords: security users.php => security users.php has-patch
* status: new => assigned
* version: => 2.1
* owner: anonymous => westi
Comment:
Confirm this works on trunk.
Attaching simple patch which just blocks you accessing users.php as I
can't see a need for someone without edit_users accessing it.
--
Ticket URL: <http://trac.wordpress.org/ticket/3410#comment:1>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list