English is not my native language. If you have any questions, you can ask them on GitHub.
Features
- Ride Mode - Players can ride any entity
- RideMe Mode - Entities can ride players
- Connect Mode - Connect two entities
- Launch Function - Launch riders with slow falling effect
- Movement Control - Control riding entity movement
- World Disable - Configure disabled worlds
- Permission System - Fine-grained permission control
- ⚙️ Custom Commands - Avoid conflicts with other plugins (e.g., CMI)
- ️ Security Fixes - Fixed all known security vulnerabilities
Commands
Command
Description
Permission
/ride or /rideplus Toggle ride mode ridemeplus.ride
/ride me Toggle rideme mode ridemeplus.rideme
/ride on Allow being ridden ridemeplus.allow
/ride off Disallow being ridden ridemeplus.allow
/ride kick Kick passenger ridemeplus.kick
/ride move Toggle movement control ridemeplus.move
/ride launch Launch passenger ridemeplus.launch
/ride connect Connect entities ridemeplus.connect
/ride reload Reload config ridemeplus.reload
/ride help Show help No permission required
Permissions
Permission
Description
Default
ridemeplus.* All permissions OP
ridemeplus.ride Ride entities false
ridemeplus.rideme Be ridden false
ridemeplus.kick Kick passengers false
ridemeplus.launch Launch passengers false
ridemeplus.move Movement control false
ridemeplus.connect Connect entities false
ridemeplus.allow Allow/disallow being ridden false
ridemeplus.reload Reload config OP
ridemeplus.bypass Bypass restrictions OP
Configuration
yaml
# Custom command name (avoid conflicts with CMI, etc.)
custom-command: 'rideplus'
# Permission check
enable-permission-check: true
# Max stack height
max-stack-height: 5
# Disabled worlds
disabled-worlds:
- world_nether
- world_the_end
# Disabled entity types
disable-list:
- ENDER_DRAGON
- WITHER
- GIANT
Security Fixes
This version fixes the following security vulnerabilities:
- ✅ Permission bypass vulnerability (Critical)
- ✅ Default permissions too permissive (Critical)
- ✅ Event listener permission bypass (Critical)
- ✅ Attack kick event permission bypass
- ✅ Alias command permission mapping error
- ✅ OP permission auto-bypass
- ✅ High CPU usage issue
Performance Comparison
Item
Before
After
Improvement
Permission Security ❌ Bypassable ✅ Strict Check 100%
CPU Usage ❌ 100% ✅ <1% 99% reduction
Memory Leak ❌ Risk ✅ Fixed 100%
Resolving CMI Conflicts
If your server has CMI plugin installed, the /ride command will conflict.
Solution 1: Use built-in aliases (Recommended)
bash
运行
/rideplus help
/rmp help
Solution 2: Modify configuration
yaml
# config.yml
custom-command: 'rideplus'
Then restart the server.
Note: All function permissions default to false and need to be manually granted.
If you have any questions, you can ask me here.