[wp-trac] [WordPress Trac] #19684: Users list 'Change role to' allows for changing logged-in Admin role to Subscriber
WordPress Trac
wp-trac at lists.automattic.com
Thu Dec 29 16:23:14 UTC 2011
#19684: Users list 'Change role to' allows for changing logged-in Admin role to
Subscriber
--------------------------+-----------------------------
 Reporter:  raamdev       |       Owner:
     Type:  defect (bug)  |      Status:  new
 Priority:  normal        |   Milestone:  Awaiting Review
Component:  General       |     Version:  3.3
 Severity:  normal        |    Keywords:
--------------------------+-----------------------------
While it's not possible for an Administrator to change his or her own role
to Subscriber from the Edit Profile page (the drop-down doesn't exist for
logged-in Admins), it is possible to change your own role to Subscriber
from within the Users list by using the 'Change role to...' drop-down.
This would allow an Administrator to inadvertently lock themselves out of
WordPress if they forget to uncheck their account in the list when making
bulk updates.

To recreate this issue, first create an additional Administrator account
so you can get back in. Then from the Users list, select your current
Administrator account (i.e., the one you're logged in with) and then
choose 'Change role to' -> Subscriber.

You'll immediately be kicked out of the Admin panel. (Now you can log in
with the other Admin account and change your role back to Administrator.)
--
Ticket URL: <http://core.trac.wordpress.org/ticket/19684>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
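
One way to guard the bulk action described in the ticket, as an added example that is not part of the original report and not WordPress core code. It is plain PHP with constructed data and generalizes from Subscriber to any target role lacking the `promote_users` capability; the helper name `plan_bulk_role_change`, the role map and the user IDs are assumptions made for illustration.

```php
<?php
// Added example: plain PHP with constructed data, WordPress is not loaded.

// Constructed role => capabilities map; 'promote_users' is the WordPress
// capability that allows changing other users' roles.
const ROLE_CAPS = [
    'administrator' => ['promote_users', 'edit_posts', 'read'],
    'editor'        => ['edit_posts', 'read'],
    'subscriber'    => ['read'],
];

/**
 * Hypothetical helper (not a WordPress core function): split a bulk
 * 'Change role to' selection into IDs to update and IDs to skip.
 */
function plan_bulk_role_change(array $selected, int $currentUserId, string $newRole, array $userRoles): array
{
    if (!array_key_exists($newRole, ROLE_CAPS)) {
        throw new InvalidArgumentException("unknown role: $newRole");
    }
    // Would the acting user still be able to manage roles after the change?
    $keepsControl = in_array('promote_users', ROLE_CAPS[$newRole], true);
    $plan = ['apply' => [], 'skip' => []];
    foreach (array_unique(array_map('intval', $selected)) as $id) {
        if (!isset($userRoles[$id])) {
            $plan['skip'][$id] = 'unknown user';
        } elseif ($id === $currentUserId && !$keepsControl) {
            // The ticket's case: the logged-in user left their own row checked.
            $plan['skip'][$id] = 'new role would remove your own ability to manage users';
        } else {
            $plan['apply'][] = $id;
        }
    }
    return $plan;
}

// Constructed sample: user 1 is logged in and submits every checkbox (IDs arrive as strings).
$userRoles = [1 => 'administrator', 2 => 'administrator', 3 => 'editor', 4 => 'subscriber'];
$plan = plan_bulk_role_change(['1', '3', '4', '99'], 1, 'subscriber', $userRoles);
foreach ($plan['apply'] as $id) {
    $userRoles[$id] = 'subscriber';
}
print_r($plan);
print_r($userRoles);
```

The skip reasons can be surfaced as an admin notice so the user learns why their own row was left unchanged.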