Skip to:
Content
Pages
Categories
Search
Top
Bottom

Huge Security Hole with wp-admin?


  • JsonB123
    Participant

    @jsonb123

    15 years, 6 months ago

    I just registered new test accounts on my BuddyPress site and after I get the email activations and login, I can login to wp-admin with these “subscriber” accounts and change EVERYTHING on the back-end!

    I look at user roles and they are still “subscribers” but the bar at the top says “Hi admin! You’re logged in as a site administrator.” What is going on here?! I know I installed BuddyPress correctly.

    Using WPMU 2.7.1, BuddyPress 1.0 and BBPress alpha 6.

Viewing 2 replies - 1 through 2 (of 2 total)

  • seppolaatle112
    Participant

    @seppolaatle112

    15 years, 6 months ago

    If you are sure you installed Buddypress correctly, you need either some sleep or maybe some coffee.

    This is not some bug in Buddypress. Are you sure you didnt register a blog with the account, and that the backend you see belongs to this blog? It is quite clear that members are administrators on their own blog. Can you see the Buddypressmenu in your menu to the left after logging in?


    hyrxx
    Participant

    @hyrxx

    15 years, 6 months ago

    hi admin is your main admin account, your still logged in, try using firefox for your main account (admin) and use a different browser to test other registrations and logins

    this might help separate the confusion for you, i also use this method sometimes as cookies are separate between browsers ;)

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Huge Security Hole with wp-admin?’ is closed to new replies.

Topic Info

Topic Tags

Skip to toolbar