When I manage the groups application from the Wix manager, I make the following setting: ‘Only the site owner can add members’, but while this setting works in the web version, it is ineffective in the Wix branded app. In other words, if someone using the Wix branded app creates a group, the settings changed by the site owner do not take effect on him. For example, the site owner can only add members to the site. When the owner selects the option of adding members, someone entering the site from the Wix branded app can bypass this setting by changing this setting to “all members can add members”. This is a serious security vulnerability.
Related topics
| Topic | Replies | Views | Activity | |
|---|---|---|---|---|
| Users can change the settings changed by the site owner. | 0 | 7 | December 4, 2024 | |
| Users can change the settings changed by the site owner | 0 | 7 | December 5, 2024 | |
| They have own group add all members to it with a single click | 2 | 19 | December 2, 2024 | |
| Adding to velo automation | 3 | 19 | December 6, 2024 | |
| Mobile App Group Permissions | 0 | 69 | March 25, 2019 |