Multi Vendor Marketplace Plugin | WCFM Marketplace › Forums › WCFM – Marketplace (WooCommerce Multivendor Marketplace) › Major security issue that has not been fixed.
Tagged: wcfm affiliate, WCFM Marketplace
- This topic has 2 replies, 2 voices, and was last updated 5 years, 2 months ago by WCFM Forum.
- AuthorPosts
- October 3, 2019 at 2:31 am #84831edo hoparParticipant
Hello,
A few days ago another user posted here that Affiliate has access to Site Settings and you guys have not fixed this. You do realize that any affiliate can take all profits from the website owner if you do not fix this issue.
WARNING: WCFM AFFILIATE Account has access to SETTINGS, including Payment settings, Commission Settings, VENDOR COMMISSION SETTINGS, Product, Store and many other ADMIN Settings.
When affiliates log in, it takes them to their Affiliate Dashboard. Example
https://mywebsite.com/store-manager/affiliates/
NOW, While logged in as an affiliate, If you replace the URL with https://mywebsite.com/store-manager/SETTINGS/ you will get access to ADMIN SETTINGS…
FIX THIS PLEASE. AFFILIATES SHOULD NOT HAVE ACCESS TO ALL THESE.
Attachments:
You must be logged in to view attached files. - October 10, 2019 at 12:46 pm #85970edo hoparParticipant
Has any one of you guys had a chance to look in to this problem?
It has been over 1 week I have posted this issue and you have not fixed it or responded - October 11, 2019 at 10:28 am #86181WCFM ForumMember
We will take care of this in next update.
- AuthorPosts
- The topic ‘Major security issue that has not been fixed.’ is closed to new replies.