Comments on: security hole in wordpress-admin-bar under WPMU?

By: Steveoc

Steveoc — Wed, 25 Feb 2009 15:59:12 +0000

I’ll have to check–I assume it would be the case if Andrea noticed it too, but I don’t see it in my installation because I am using the WPMU Menu plugin and have disabled many menus options to simplify the interface. Alternatively, you could disable the top menu bar.

Of course, your hack appears to work!

Nice job spotting that!

By: dnorman

dnorman — Tue, 24 Feb 2009 15:30:59 +0000

yeah, I figured it was probably just the plugins not calling a hook or something, but it’d be safer to just yank the whole site-admin menu for non-admins, just in case a renegade plugin author forgets to do that *cough*themestatsplugin*ahem*

By: Andrea_R

Andrea_R — Tue, 24 Feb 2009 13:00:31 +0000

Oh, okay now I see what you mean. (I spy my theme stats plugin too, awesome.)

Oy vey. That’s not good…