Thread Rating:
  • 1 Vote(s) - 5 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Terrible mistake in Multi Users Plugin
Today i found a serious security mistake in the Multi Users Plugin. After you creat a new user as a Mod with limit permission, you login by the new user account and you absolutely can delete the ADMIN account in the User management. Really terrible. I fixed it with my way. But you guys can find and fix it in your way. Hope the core team solve this problem when integrate the plugin in new core.

Btw, when new version of 3.4 will be released? I am exciting to see what new.

Thank you
no response on this ?
(2021-10-27, 01:27:10)dryland404 Wrote: no response on this ?

Any newly created user can be assigned different rights.
Unfortunately this plugin has been unmaintained for 10+ years and the author is no longer active.
I created a PR on Github 6 years ago to address some of the issues and it's still open:
Have you tried the forked version MultiUser 1.9.x? It's in the ZIP attached to this post:

Finally, I created gs_usermgr which has support for groups, permissions and roles, and works very well, but it has no UI (you have to manually update the XML files) so I never uploaded it to GS Extend.
Here is the forum thread:
Here is the very detailed Github docs:
And the download:

Users browsing this thread: 1 Guest(s)