WordPress Capabilities: edit_user vs edit_users

I found a few references to edit_user as a capability, one of which is this:

// Allow user to edit itself
    if ( 'edit_user' == $cap && isset( $args[0] ) && $user_id == $args[0] )
    break;

http://core.trac.wordpress.org/browser/tags/3.5.2/wp-includes/capabilities.php#L1005

I believe the comment in that block of code answers this question.

Per @PatJ, it looks like map_meta_cap converts (in a sense) edit_user into edit_users but only if the user attempting to edit the profile is the profile’s owner, thus allowing users who otherwise have no user edit capabilities to edit their own profile information.

Related Posts:

  1. Allowing Custom Capability to Manage Plugin Options
  2. How To Create A File Archive in WordPress?
  3. What are the common security flaws I need to look for? [closed]
  4. How can I modify the Capability needed to access a plugin’s options?
  5. Where should my plugin POST to?
  6. Add Capabilities to Custom Post Type after it has been created [duplicate]
  7. Security error WP 4.0 + WP phpBB Bridge [closed]
  8. Should I use RIPS tool to test my themes and plugins?
  9. Checking for user role in a custom plugin
  10. Allow Facebook to preview posts before published
  11. Escape when echoed
  12. Set user ID at time of wp_create_user
  13. Update User Role
  14. How to write a plugin to add users to a mail list
  15. How to make a customize role and view a specific plugins base on that role?
  16. wp_create_nonce function doesn’t work inside a plugin?
  17. Making a plugin only available on the front-end for the logged in super admin
  18. Redirection of users away from wp-admin (but not administrators)
  19. How to set add question capability for author role in wp pro quiz plugin
  20. Unable to delete custom post types, confusion around capabilities
  21. Can a Plugin Override New User Default Role Type
  22. I should enable automatic updates?
  23. Prevent direct access to WordPress plugin assets?
  24. How to prevent plugins from sniffing/stealing other plugins’ options?
  25. Add User Role: Pre-saved in User-Meta [SOLVED]
  26. Remove specific administrator’s capability
  27. How to hide plugin options for editors via functions.php
  28. Adding plugin editing capability for Author
  29. Security of a WordPress Plugin
  30. Help to Create a Simple Plugin to make a post
  31. Allow a particular user to access a particular plugin?
  32. Content-Security-Policy implementation with WordPress W3Total Cache plugin installed
  33. See which user role / capability is needed to use a plugin
  34. Securing a plugin pop-up window
  35. Remove dashboard links from wordpress
  36. Why user profile update creates Additional Capabilities
  37. What is more secure checking capabilities of user or checking role of user in WordPress plugin development
  38. Run only on plug-in activation instead of wp_head
  39. wp_verify_nonce fails always
  40. Validating values using Settings API?
  41. Want to add post to user dashboard
  42. Sync roles across several plugins
  43. How to disable plugin capability : “create new category”
  44. edit slider plugin capability for custom_role
  45. WordPress.Security.NonceVerification.Recommended
  46. Why “Contact Form 7” doesn’t update PHPmailer library?
  47. Add rewrite rule to permalink structure
  48. Handling jQuery Component Collision
  49. Pass A Value From Outside To A Plugin Variable
  50. shortcode doesn’t work
  51. Will WordPress username displayed somewhere in the site?
  52. How to handle autoloading with composer by keeping the WordPress naming conventions?
  53. Current user in plugin returns NULL
  54. What are the benefit in adding hook in the init() hook?
  55. How can I implement a notification system in wordpress?
  56. Minimum PHP Required for WordPress
  57. building plugin and it is displaying above plugins page
  58. load_theme_textdomain path
  59. Create entire wordpress as a github repositery?
  60. Conditional attributes and logic per product category
  61. Why Is This Code Causing The Admin Bar to Disappear?
  62. Displaying Custom Sidebar Without Modifying Theme’s Core File?
  63. Adding CSS to custom post type admin page causes error
  64. Create shortcode to echo javascript
  65. Hack-Proof OR Security in WordPress — is it real?
  66. Redirect to another page using contact form 7? [closed]
  67. wp_list_table class is not safe to use
  68. Separate database for a wordpress plugin
  69. remove all submenus from plugin
  70. Specific way to allow WordPress users to view their current password? And edit it?
  71. Hook for page Request?
  72. SMTP Error: Could not authenticate [closed]
  73. How to delete all categories programatically?
  74. How to use custom Javascript code inside a plugin?
  75. Adding submenu to custom plugin menu page created with add_menu_page() function
  76. How to render a template file using shortcode inside a plugin
  77. Does WordPress check for updates of a plugin via plugins root folder name?
  78. Delete data from custom table when deleting a post
  79. How do i ‘deactivate’ a plugin only on a certain page template?
  80. Need to add/remove group of options and display them as rows
  81. How to deactivate my plugin upon deactivation of NextGen
  82. Paypal Framework
  83. WP Insert Post If user refreshes override new post
  84. Order by post_date does not work in Previous and Next post pagination
  85. Fatal error “Call to undefined function is_plugin_active” each time the plugin is activated
  86. Custom Plugin: How to Include Install Buttons of other 3rd Party Plugins?
  87. How to get the checkout form data from checkout page when place-order button is clicked
  88. Getting Fatal error: Uncaught Error: Call to undefined function plugin_dir_path() when linking to another file within my wordpress plugin
  89. How to make WooCommerce multiple filter with custom meta fields
  90. Modify Plugin PHP Class in Child Theme – Correct Method
  91. Call function when save setting/option in custom admin page
  92. Plugin to Delete All Posts Monthly
  93. mailjet plugin – extend functionnalities and reuse api
  94. Force download a file within plugin file
  95. Can anyone tell me why I can’t edit a plugin when it is installed without having to re-install?
  96. Creating fields in the database
  97. Display Any Field fromAdmin Panel in Frontend via Shortcode?
  98. Is Nonce Verification (CSRF) required for WordPress Custom Bulk User Actions?
  99. plugin development code standard not matching for SQL query
  100. Ajax response from Media Selection does not update ALL information more than once

Leave a Comment