@mattab opened this Issue on October 11th 2018 Member

Before installing a new plugin (via Marketplace or direct upload), we should ask again the Super User to enter their password. Since a plugin can easily lead to RCE it is important to ensure that a Logged-in browser cannot be used to install custom plugins.

Similar to #2932

Powered by GitHub Issue Mirror