Title: SECURITY ISSUE: Plugin allows subscribers to submit draft posts Last modified: January 21, 2021 --- # SECURITY ISSUE: Plugin allows subscribers to submit draft posts * Resolved [Joost](https://wordpress.org/support/users/jberculo/) * (@jberculo) * [5 years, 2 months ago](https://wordpress.org/support/topic/security-issue-plugin-allows-subscribers-to-submit-draft-posts/) * Warning! This plugin is adding the edit_post capability to subscribers, allowing them to submit new draft posts to your site, as well as seeing your moderation queues. * As of yet, the posts will not actually appear on your blog, but I had to clean dozens of draft posts submitted by spam bots, and they keep coming. * Disabled and will replace plugin. * As a note: I appreciate the work plugin maintainers are putting in plugins like this. What I don’t like is them ignoring problems. I (amongst others) put in a bug report a month ago which renders the plugin useless for many users. If you are not planning to fix these, just give a heads up. We will move on and thank you for your work. But ignoring the issues and then just releasing a new version without addressing the problems is just next level. * Instead I got a t-shirt saying ‘I was waiting for a bug getting fixed and all I got was a security issue’. Viewing 3 replies - 1 through 3 (of 3 total) * [BarbRoos](https://wordpress.org/support/users/barbroos/) * (@barbroos) * [5 years, 2 months ago](https://wordpress.org/support/topic/security-issue-plugin-allows-subscribers-to-submit-draft-posts/#post-13953799) * Hello, * Has this problem been solved? * [snoffel](https://wordpress.org/support/users/snoffel/) * (@snoffel) * [5 years, 2 months ago](https://wordpress.org/support/topic/security-issue-plugin-allows-subscribers-to-submit-draft-posts/#post-13957394) * [@barbroos](https://wordpress.org/support/users/barbroos/) As far as I understand the code, this “adding the edit_post capability to subscribers” only happens, if you check the option “Allow Contributors & Subscribers to upload avatars” on the settings page. But I am not sure about this. * Plugin Author [Collins Agbonghama](https://wordpress.org/support/users/collizo4sky/) * (@collizo4sky) * [5 years, 2 months ago](https://wordpress.org/support/topic/security-issue-plugin-allows-subscribers-to-submit-draft-posts/#post-14026973) * We’ve fixed this issue in the latest version released today. * edit_post cap is no longer added. Viewing 3 replies - 1 through 3 (of 3 total) The topic ‘SECURITY ISSUE: Plugin allows subscribers to submit draft posts’ is closed to new replies. * ![](https://ps.w.org/wp-user-avatar/assets/icon-256x256.png?rev=2532486) * [Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress](https://wordpress.org/plugins/wp-user-avatar/) * [Frequently Asked Questions](https://wordpress.org/plugins/wp-user-avatar/#faq) * [Support Threads](https://wordpress.org/support/plugin/wp-user-avatar/) * [Active Topics](https://wordpress.org/support/plugin/wp-user-avatar/active/) * [Unresolved Topics](https://wordpress.org/support/plugin/wp-user-avatar/unresolved/) * [Reviews](https://wordpress.org/support/plugin/wp-user-avatar/reviews/) * 3 replies * 4 participants * Last reply from: [Collins Agbonghama](https://wordpress.org/support/users/collizo4sky/) * Last activity: [5 years, 2 months ago](https://wordpress.org/support/topic/security-issue-plugin-allows-subscribers-to-submit-draft-posts/#post-14026973) * Status: resolved