diff --git a/typo3/sysext/core/Classes/Hooks/BackendUserGroupIntegrityCheck.php b/typo3/sysext/core/Classes/Hooks/BackendUserGroupIntegrityCheck.php
new file mode 100644
index 0000000000000000000000000000000000000000..94bc74869a5ca2aeb2b41f42599f793a8595753c
--- /dev/null
+++ b/typo3/sysext/core/Classes/Hooks/BackendUserGroupIntegrityCheck.php
@@ -0,0 +1,75 @@
+<?php
+namespace TYPO3\CMS\Core\Hooks;
+
+/*
+ * This file is part of the TYPO3 CMS project.
+ *
+ * It is free software; you can redistribute it and/or modify it under
+ * the terms of the GNU General Public License, either version 2
+ * of the License, or any later version.
+ *
+ * For the full copyright and license information, please read the
+ * LICENSE.txt file that was distributed with this source code.
+ *
+ * The TYPO3 project - inspiring people to share!
+ */
+
+use TYPO3\CMS\Backend\Utility\BackendUtility;
+use TYPO3\CMS\Core\DataHandling\DataHandler;
+use TYPO3\CMS\Core\Messaging\FlashMessage;
+use TYPO3\CMS\Core\Messaging\FlashMessageQueue;
+use TYPO3\CMS\Core\Messaging\FlashMessageService;
+use TYPO3\CMS\Core\SingletonInterface;
+use TYPO3\CMS\Core\Utility\GeneralUtility;
+use TYPO3\CMS\Core\Utility\StringUtility;
+use TYPO3\CMS\Lang\LanguageService;
+
+/**
+ * DataHandler hook class to check the integrity of submitted be_groups data
+ */
+class BackendUserGroupIntegrityCheck {
+
+	/**
+	 * @param string $status
+	 * @param string $table
+	 * @param int $id
+	 * @param array $fieldArray
+	 * @param DataHandler $parentObject
+	 */
+	public function processDatamap_afterDatabaseOperations($status, $table, $id, $fieldArray, $parentObject) {
+		if ($table !== 'be_groups' || $GLOBALS['TYPO3_CONF_VARS']['BE']['explicitADmode'] !== 'explicitAllow') {
+			return;
+		}
+
+		$backendUserGroup = BackendUtility::getRecord($table, $id, 'explicit_allowdeny');
+		$explicitAllowDenyFields = GeneralUtility::trimExplode(',', $backendUserGroup['explicit_allowdeny']);
+		foreach ($explicitAllowDenyFields as $value) {
+			if (StringUtility::beginsWith($value, 'tt_content:list_type:')) {
+				if (!in_array('tt_content:CType:list:ALLOW', $explicitAllowDenyFields, TRUE)) {
+					/** @var $flashMessage FlashMessage */
+					$flashMessage = GeneralUtility::makeInstance(
+						FlashMessage::class,
+						$this->getLanguageService()->sl('LLL:EXT:lang/locallang_core.xlf:error.backendUserGroupListTypeError.message'),
+						$this->getLanguageService()->sl('LLL:EXT:lang/locallang_core.xlf:error.backendUserGroupListTypeError.header'),
+						FlashMessage::WARNING,
+						TRUE
+					);
+					/** @var $flashMessageService FlashMessageService */
+					$flashMessageService = GeneralUtility::makeInstance(FlashMessageService::class);
+					/** @var $defaultFlashMessageQueue FlashMessageQueue */
+					$defaultFlashMessageQueue = $flashMessageService->getMessageQueueByIdentifier();
+					$defaultFlashMessageQueue->enqueue($flashMessage);
+				}
+				return;
+			}
+		}
+	}
+
+	/**
+	 * @return LanguageService
+	 */
+	protected function getLanguageService() {
+		return $GLOBALS['LANG'];
+	}
+
+}
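Review bot: For `$status === 'new'` the `$id` handed to `processDatamap_afterDatabaseOperations` is, as far as I know, DataHandler's `NEW…` placeholder rather than the stored uid, so `BackendUtility::getRecord($table, $id, 'explicit_allowdeny')` finds no row and the integrity warning is silently skipped for a group created with the inconsistent permissions. Resolve the uid first with `if ($status === 'new') { $id = $parentObject->substNEWwithIDs[$id]; }` and stop on a missing row with `if (!is_array($backendUserGroup)) { return; }` before the `trimExplode()` call. The `@param int $id` tag should then read `int|string`, and the docblock could state that the hook only warns and never alters the saved `explicit_allowdeny` value. `getLanguageService()` returns `$GLOBALS['LANG']` unchecked, which may be unset when DataHandler runs outside a regular backend request, so a guard there is worth considering.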
diff --git a/typo3/sysext/core/ext_localconf.php b/typo3/sysext/core/ext_localconf.php
index 69eb6100490869678b8cd05af1e7838d33f301d5..6e2b5e361ae765a0e13dd1338fc236a87d7d8995 100644
--- a/typo3/sysext/core/ext_localconf.php
+++ b/typo3/sysext/core/ext_localconf.php
@@ -13,6 +13,7 @@ if (TYPO3_MODE === 'BE' && !(TYPO3_REQUESTTYPE & TYPO3_REQUESTTYPE_INSTALL)) {
 		'addUserPermissionsToStorage'
 	);
 	$GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['t3lib/class.t3lib_tcemain.php']['processDatamapClass'][] = 'TYPO3\\CMS\\Core\\Resource\\Security\\FileMetadataPermissionsAspect';
+	$GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['t3lib/class.t3lib_tcemain.php']['processDatamapClass'][] = 'TYPO3\\CMS\\Core\\Hooks\\BackendUserGroupIntegrityCheck';
 	$GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['typo3/alt_doc.php']['makeEditForm_accessCheck'][] = 'TYPO3\\CMS\\Core\\Resource\\Security\\FileMetadataPermissionsAspect->isAllowedToShowEditForm';
 	$GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['t3lib/class.t3lib_tceforms_inline.php']['checkAccess'][] = 'TYPO3\\CMS\\Core\\Resource\\Security\\FileMetadataPermissionsAspect->isAllowedToShowEditForm';
 	$GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['t3lib/class.t3lib_tcemain.php']['checkModifyAccessList'][] = 'TYPO3\\CMS\\Core\\Resource\\Security\\FileMetadataPermissionsAspect';
diff --git a/typo3/sysext/lang/locallang_core.xlf b/typo3/sysext/lang/locallang_core.xlf
index af3adcee46899e8b5194f4bad35646c79b9cbdd7..d26e52d77ef7736e393eb3ed2d6ceb8decef0c3b 100644
--- a/typo3/sysext/lang/locallang_core.xlf
+++ b/typo3/sysext/lang/locallang_core.xlf
@@ -1143,6 +1143,12 @@ Check also the following points:\n
 			<trans-unit id="error.invalidEmail">
 				<source>"%s" is not a valid e-mail address.</source>
 			</trans-unit>
+			<trans-unit id="error.backendUserGroupListTypeError.header">
+				<source>Possible misconfiguration detected</source>
+			</trans-unit>
+			<trans-unit id="error.backendUserGroupListTypeError.message">
+				<source>Editing of at least one plugin was enabled but editing the page content type "Insert Plugin" is still disallowed. Group members won't be able to edit plugins unless you activate editing for the content type.</source>
+			</trans-unit>
 		</body>
 	</file>
 </xliff>