Title: Security issue
Last modified: July 29, 2022

---

# Security issue

 *  Resolved [seoergoweb](https://wordpress.org/support/users/seoergoweb/)
 * (@seoergoweb)
 * [3 years, 10 months ago](https://wordpress.org/support/topic/security-issue-131/)
 * Hi,
    why if I add the ability to create user and edit them to the editor role,
   this role can create administrator?
 * the correct configuration should be that one editor can at most create another
   editor!

Viewing 5 replies - 1 through 5 (of 5 total)

 *  Plugin Support [andrewsupport](https://wordpress.org/support/users/andrewsupport/)
 * (@andrewsupport)
 * [3 years, 10 months ago](https://wordpress.org/support/topic/security-issue-131/#post-15876529)
 * Hi,
 * Could you please specify what plugin version you use?
 *  Thread Starter [seoergoweb](https://wordpress.org/support/users/seoergoweb/)
 * (@seoergoweb)
 * [3 years, 10 months ago](https://wordpress.org/support/topic/security-issue-131/#post-15876863)
 * Hi, the last one, 1.6.6
 *  Plugin Support [andrewsupport](https://wordpress.org/support/users/andrewsupport/)
 * (@andrewsupport)
 * [3 years, 10 months ago](https://wordpress.org/support/topic/security-issue-131/#post-15885018)
 * Hi,
 * There is the feature of the User Role plugin that you can manage existing user
   role capabilities. And you can provide capabilities of administrator for a role
   with any name. So if you don’t want that user with the editor role was able to
   create or edit other users, please don’t provide the editor role with that capability.
 *  Thread Starter [seoergoweb](https://wordpress.org/support/users/seoergoweb/)
 * (@seoergoweb)
 * [3 years, 10 months ago](https://wordpress.org/support/topic/security-issue-131/#post-15888080)
 * clear, but it would be logical to think that instead an editor can change the
   roles to similar or subordinate users, but not make an escalation of privileges
   so simply. To me it seems like a real bug, you say it’s a feature? Ok
 *  Plugin Support [andrewsupport](https://wordpress.org/support/users/andrewsupport/)
 * (@andrewsupport)
 * [3 years, 10 months ago](https://wordpress.org/support/topic/security-issue-131/#post-15890853)
 * Hi,
 * We will consider the question that you reported, and if we deem it necessary,
   we will make the changes to the plugin.

Viewing 5 replies - 1 through 5 (of 5 total)

The topic ‘Security issue’ is closed to new replies.

 * ![](https://ps.w.org/user-role/assets/icon-256x256.gif?rev=2580815)
 * [User Role by BestWebSoft - Add and Customize Roles and Capabilities in WordPress](https://wordpress.org/plugins/user-role/)
 * [Frequently Asked Questions](https://wordpress.org/plugins/user-role/#faq)
 * [Support Threads](https://wordpress.org/support/plugin/user-role/)
 * [Active Topics](https://wordpress.org/support/plugin/user-role/active/)
 * [Unresolved Topics](https://wordpress.org/support/plugin/user-role/unresolved/)
 * [Reviews](https://wordpress.org/support/plugin/user-role/reviews/)

## Tags

 * [administrator](https://wordpress.org/support/topic-tag/administrator/)
 * [editor](https://wordpress.org/support/topic-tag/editor/)

 * 5 replies
 * 2 participants
 * Last reply from: [andrewsupport](https://wordpress.org/support/users/andrewsupport/)
 * Last activity: [3 years, 10 months ago](https://wordpress.org/support/topic/security-issue-131/#post-15890853)
 * Status: resolved