4 Hidden superadmin being given priviliages

@Jack Kitterhing

Knows about this issue but images says it all:

http://screencast.com/t/j1EtdmAG

Thanks

  • Vaughan

    Hi @PCactive,

    Can you click edit on 1 of the super admins and see what their user role is set to?

    Do you have any other user role plugins installed such as user role editor, or role scoper etc?

    I'll flag @Jack Kitterhing to this too being as you might have already discussed this with him by the sounds of it.

    Could you possibly supply login details so I can take a look?

    Can you send your details using the following contact form (select i have a different question from the dropdown.)

    https://premium.wpmudev.org/contact/

    Mark for attn: Vaughan
    Include a ref URL to this thread.

    Please include site login details (super-admin if on multisite)
    Also include FTP login details just in case we need to check the theme.

    Thanks

  • Vaughan

    Hi @pcactive,

    Sorry for the delay, I only just noticed your email today in my spam folder for some reason.

    Is this issue still occuring?

    I have logged on to your site and taking a look.

    I have noticed you have a fair few plugins installed, and a lot need updating. Especially the membership plugin as there are many bugs in the version you have installed.

    The forums plugin you have installed, is also not compatible with Buddypress which you have network activated.

    I can't see anything specific, though there are a lot of plugins installed which I don't know.

    Does every new user register & become a super-admin?

    Thanks

  • Vaughan

    Hi,

    Marking this as resolved as dealt with via emails.

    For others interested in how this was fixed.

    The users website was actually compromised by hackers. After thorough testing on the DB & main site, I moved to the files on the install, where I discovered hidden shell scripts.

    I cleaned all the files out, uploading fresh new core files & removing any suspect files from the server paths.

    The reason users were being constantly made super-admins was due to a script placed in the mu-plugins folder which escalated any admins to super-admin status whenever they visited the dashboard of their multisite blog.

    Thanks

Thank NAME, for their help.

Let NAME know exactly why they deserved these points.

Gift a custom amount of points.