id	summary	reporter	owner	description	type	status	priority	milestone	component	resolution	keywords	cc
12	User Access To Espir!t Picasa Settings	accountantbyday@…	ady	"Just a heads up on something that seems to be a fairly serious security issue with this plugin:  

I noticed that when they are logged into their dashboard, non-administrators have the ability to view and change the settings for this plugin through the Settings section on the left sidebar.  So any person who registered as a commenter, who shouldn't have permissions beyond being able to read posts, is now able to view/change the administrator's Picasa ID as well as the preferences for image dimensions.  Basically on this plugin they have the same capabilities that an administrator does."	defect	closed	critical	wp-esprit-picasa-0.0.3	WP ESPR!T Picasa	fixed