Title: [Plugin: User Switching] Hole security ? Last modified: August 19, 2016 --- # [Plugin: User Switching] Hole security ? * Resolved [mcarballo](https://wordpress.org/support/users/mcarballo/) * (@mcarballo) * [15 years, 9 months ago](https://wordpress.org/support/topic/plugin-user-switching-hole-security/) * Firstly thank you for your plugin! I tested it and it allows me to solve a problem after I upgraded to WPMU 2.9.2 to WP 3.0.1 (Mulitisite) : provide an opportunity for a blog admin to edit the user profile of other users of the blog. Your plugin gives me this opportunity and even more … * However, it also something that seems to me dangerous : allow an admin to switch to the profile of a superadmin if he is declared User Blog! * Is this normal and wanted? And would you have a solution to prevent it? * Thank you in advance for your reply * [http://wordpress.org/extend/plugins/user-switching/](http://wordpress.org/extend/plugins/user-switching/) Viewing 5 replies - 1 through 5 (of 5 total) * Plugin Author [John Blackbourn](https://wordpress.org/support/users/johnbillion/) * (@johnbillion) * WordPress Core Developer * [15 years, 9 months ago](https://wordpress.org/support/topic/plugin-user-switching-hole-security/#post-1663343) * Thanks mcarbello, this is something I haven’t considered with the new multisite functionality in WP3.0. I’ll look into a fix in the next couple of days. * Thread Starter [mcarballo](https://wordpress.org/support/users/mcarballo/) * (@mcarballo) * [15 years, 9 months ago](https://wordpress.org/support/topic/plugin-user-switching-hole-security/#post-1663348) * Thanks you ! I’m waiting for your fix… * Thread Starter [mcarballo](https://wordpress.org/support/users/mcarballo/) * (@mcarballo) * [15 years, 7 months ago](https://wordpress.org/support/topic/plugin-user-switching-hole-security/#post-1663533) * What about your fix ? * May be this post can help you : * If you use it, replace the “edit-themes” capability by this one : “manage_options” * See this post for more information : * [http://wordpress.org/support/topic/capability-manage_options-vs-edit_themes?replies=5](http://wordpress.org/support/topic/capability-manage_options-vs-edit_themes?replies=5) * What do you think about this ? * Thread Starter [mcarballo](https://wordpress.org/support/users/mcarballo/) * (@mcarballo) * [15 years, 6 months ago](https://wordpress.org/support/topic/plugin-user-switching-hole-security/#post-1663547) * No news ? * Plugin Author [John Blackbourn](https://wordpress.org/support/users/johnbillion/) * (@johnbillion) * WordPress Core Developer * [15 years, 6 months ago](https://wordpress.org/support/topic/plugin-user-switching-hole-security/#post-1663551) * Hey mcarbello, I’ve just updated the plugin (to 0.3.1) to fix this issue. * John Viewing 5 replies - 1 through 5 (of 5 total) The topic ‘[Plugin: User Switching] Hole security ?’ is closed to new replies. * ![](https://ps.w.org/user-switching/assets/icon.svg?rev=3193956) * [User Switching](https://wordpress.org/plugins/user-switching/) * [Frequently Asked Questions](https://wordpress.org/plugins/user-switching/#faq) * [Support Threads](https://wordpress.org/support/plugin/user-switching/) * [Active Topics](https://wordpress.org/support/plugin/user-switching/active/) * [Unresolved Topics](https://wordpress.org/support/plugin/user-switching/unresolved/) * [Reviews](https://wordpress.org/support/plugin/user-switching/reviews/) * 5 replies * 2 participants * Last reply from: [John Blackbourn](https://wordpress.org/support/users/johnbillion/) * Last activity: [15 years, 6 months ago](https://wordpress.org/support/topic/plugin-user-switching-hole-security/#post-1663551) * Status: resolved