• Resolved Chris

    (@chrishewitson)


    Hi,

    Great plugin, but when I’ve added my custom theme to a new multisite installation, I appear to be in violation of rule 1379 when trying to save theme options; my account is super admin. When I disable the rule, the options save as normal…

    Basically, what am I opening myself up to, if I leave this rule disabled?

    Firewall log shows:

    POST /wp-admin/admin.php – WordPress: possible privilege escalation attempt

    Cheers

    https://ww.wp.xz.cn/plugins/ninjafirewall/

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Author nintechnet

    (@nintechnet)

    Hi,

    This rule is a generic one trying to catch privilege escalation. Do you have a GET[‘admin_email’] or POST[‘admin_email’] variable sent by your theme?
    You can disable it; it is not a very important rule.

    Thread Starter Chris

    (@chrishewitson)

    Thanks for the quick reply – yes, we’ve added a field to allow editors to be able to update the admin email without needing to give them access to the main settings of the site. Good to know, cheers.


The topic ‘Rule 1379 question’ is closed to new replies.