Home › Forums › WordPress › Web Invoice – Invoicing and billing for WordPress › Security Problem with Web Invoice — in confering access to non Admins
S H Mohanjith.
jcDear great one,
I gave an editor access to web invoice and found out that he could in turn, now, give access to contributors, writers, etc…how can I prevent this, so that only I the admin can grant access to a specific status?
This is a big security problem because someone can change the settings and send out invoices to their paypal account rather than that of my site…
Am I confused…and not understanding how to use this plugin?
S H MohanjithHave you set the “Minimum User Level to Manage web-invoice” in “Web Invoice” -> “Settings” ? I’m unable to reproduce your issue.
Make sure you are running latest version of Web Invoice (and not WP-Invoice).
jcYes I did, that is how I a granted the editor access. I just talked about this also under the issue of capability manager compatability. see mroe there
S H MohanjithAnyone else please see https://www.mohanjith.com/forum/topic.php?id=51
Freelance programmer, web developer, app developer, system administrator with over 5 years experience in PHP, Javascript, Objective-C, Python, Perl, Ruby, Java, C++, system administration and database administration in mission critical environments. Also skills in graphic designing and more. I can provide end to end solutions. I also specialize in open source product deployment and customization.