Home Forums Bug Reports ACF is accessible not only for admins

ACF is accessible not only for admins

  • Hello @elliot!

    I don’t know if it’s really a problem, but I think it’s relevant: any user with the capability ‘edit_page’ can access the ACF main page and create field groups.

    Even the ACF menu item doesn’t appears for that user roles, if the user put the direct url (wp-admin/edit.php?post_type=acf) it’s possible to access the page and create groups & fields.

    The capability_type ‘page’ is intentional? Maybe could be safer change it to a
    higher capability.


Viewing 1 post (of 1 total)

You must be logged in to reply to this topic.