User permission, every user can access the backend through a edit product button

[designkj]

Hello

I have VirtueMart 3.4.2 and Joomla 3.9.10 - have been running this Virtuemart for years with regular updates. Now suddenly every user can access the VM backend as the Edit Product button is visible to every Registered user. The edit button is not visible on conventional Joomla pages, only in Virtuemart. I have looked through every table in the DB I can think of but no success... Any history of this or good idea ?

Regards
designkj

[Jörgen]

Check for front end access rights. And make sure you have not any strange superuser that has been created with an unsecure joomla version.
Jörgen @ Kreativ Fotografi

[designkj]

Thank you. There is no new Admin user, and I cannot see anything suspicious. I have tried to delete all Cache and also did a fresh install on Virtuemart but that didn't solve the problem.

Regards

[designkj]

I found the Permissions button on top, and there the registered user is allowed access to almost all areas, is there a bug that can cause this or is it more likely that someone has got into the system ?

[StefanSTS]

Never saw any bug like that.

You might want to run your site through myjoomla or similar to check for hack attempts.
At some time someone must have changed these settings, either someone with given rights, or someone who took the rights.

It might be wise to ask someone experienced to do that (like GJC or so).

Regards
Stefan

[GJC Web Design]

perhaps a read thru of this topic might give some clues

http://forum.virtuemart.net/index.php?topic=138033

[designkj]

Thanks everyone for your kind help :-)