Users can modify their level without paying

  • Resolved toddheitner

    (@toddheitner)


    8 years, 10 months ago

    I’ve been using this plugin for a while now. I’ve noticed a few occasions where I got a notification that a user’s level was changed by an administrator when I knew I hadn’t done it. Finally I figured out how it’s happening.

    If a logged-in user clicks to go to their Profile, where they can update their information, there is a drop-down menu that should only be visible to me, but that it seems all users can access, which allows them to change their membership level. But this doesn’t change their billing info. It basically just allows customers to give themselves a free upgrade.

    How can I stop this?

    I’m on multisite in case it’s relevant.

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Author Andrew Lima

    (@andrewza)

    8 years, 10 months ago

    Hi @toddheitner,

    Thank you for using Paid Memberships Pro, I’m sorry to hear about this issue that you are facing.

    Only administrators or membership managers should have access to this field in the edit user profile.

    Are you using any plugin that may alter a user’s role (custom roles) or a plugin that may turn the edit profile page to a front-end page?

    Thread Starter toddheitner

    (@toddheitner)

    8 years, 10 months ago

    Thanks for the reply. I am using the paid version of “User Role Editor” plugin. It’s possible that plugin was causing the issue. I realized there was an update available for that plugin and that may have corrected the issue. At least with the login I tested I was not able to see the level drop-down. I’ll have to do more testing, but hopefully that was the problem.

    Thanks,
    Todd

    Plugin Author Andrew Lima

    (@andrewza)

    8 years, 10 months ago

    Hi Todd,

    Thank you for the feedback, please let me know if the issue persists so I may look into it further for you.

    Have a great day further!

Viewing 3 replies - 1 through 3 (of 3 total)

The topic ‘Users can modify their level without paying’ is closed to new replies.