Vulnerability in WordPress

  • Unknown's avatar
    codyboychuk · Member ·

    Why have you not addressed this problem. I always thought that I has Keymaster role in WordPress so if I add another Admin as a freelancer, but now I realize that that was only a Buddy Press feature that is still available after deleting the plugin.

    See this URGENT http://wpmasteradmin.com/

    The blog I need help with is: (visible only to logged in users)

  • Unknown's avatar
    christineoakfield · Member ·

    @codyboychuk,

    I am not sure I understand what your concern. Keymaster is a Buddypress role.

    Buddypress isn’t available on WordPress.com in most plans. You may (new) be able to use it as a plugin with the Business Plan.

    Could you please clarify your concern?
    Also please advise on the full URL of your site. Thank you.

  • Unknown's avatar
    codyboychuk · Member ·

    The vulnerability is that if the owner of the wordpress site hires an unscrupulous freelancer or someone who doesnt know what they are doing, the way WP has it now, the owner does not have any Keymaster Priviledge protection where a freelancer or other added user as Administrator could delete data, plugins, etc leaving the owner without his or her data. WP needs to add a keymaster role that can only be applied to 1 person, the site Admin.

    I found this plugin that explains everything that WP needs to integrate into future updates.

    >>>> http://wpmasteradmin.com/

  • Unknown's avatar
    codyboychuk · Member ·

    There is also another vulnerability where a freelancer can install a plugin that gives them access to the site owners cpanel where they could also cause problems.

  • Unknown's avatar
    codyboychuk · Member ·

    I am not tallking about Buddy Press. I am talking about Word Press. They need to fix this asap.

  • Unknown's avatar
    christineoakfield · Member ·

    This is a forum for WordPress.com site support. I believe you are in the wrong area. Sites here are hosted by WordPress.com you are referring to self-hosted WordPress.org sites.

    Plugins aren’t even allowed on most plans, here. cpanel? – not here.

    The following guide outlines the differences between what WordPress.com here does and the installation that you have with WordPress.org:
    https://en.support.wordpress.com/com-vs-org/

    Support on these forums is for support for WordPress.com only.

  • The topic ‘Vulnerability in WordPress’ is closed to new replies.