found a pretty bad security bug with firestats need some testers to please confirm it

hi guys,

Since I currently have no easily accessible testbed would someone please install firestats on a wp 3.0.1 with multi-site enabled and activate it site-wide.

The problem I am having is that EVERY admin can delete stats, change the DB and basically do everything that only the site-admin is supposed to be able to do.

I have opened a ticket but the plugin author is currently unavailable to fix it and asked me to test it on a fresh install. Here is the ticket:

Please leave this in the private forum till it is confirmed or disputed but if I am right this should not be made public till the author gets a chance to fix it.

maybe I am wrong though :slight_smile: