the 'edit_users' capability also allows 'promote_users'
|Reported by:||ew_holmes||Owned by:|
I have found an issue where I have created a Support role in order to have a user make changes to basic user information. What I noticed was that the capability 'edit_users' allows said User (role) to promote users to any role - including admin! I tried removing the cap 'promote_users' and it does nothing.
'read' => true,
'edit_feedback' => true,
'edit_others_feedback' => true,
'list_users' => true,
'edit_users' => true
Change History (5)
comment:4 @chriscct7 — 2 months ago
- Keywords 2nd-opinion removed
- Milestone Awaiting Review deleted
- Resolution set to wontfix
- Severity changed from major to normal
- Status changed from new to closed
- Version changed from 3.4.1 to 3.4