Name of the Vulnerable Software and Affected Versions:
Media Manager for UserPro plugin for WordPress versions up to, and including, 3.11.0
Description:
The vulnerability is an unauthorized modification of data that can lead to privilege escalation, caused by a missing capability check on the `add_capto_img()` function. This allows unauthenticated attackers to update arbitrary options on the WordPress site, potentially enabling them to change the default role for new registrations to administrator and thereby obtain administrative access to a vulnerable site.
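As an added illustration (not the plugin's own code), the hypothetical AJAX handler below shows the bug class the description refers to, a privileged option write reachable without any capability check, next to a hardened form that authenticates, authorizes and scopes the write; the function, action and option names are assumptions.

```php
<?php
// Added illustration, not the plugin's code: a hypothetical handler that
// mirrors the bug class described above (a privileged action without a
// capability check) and the corresponding fix. All names are assumptions.

// VULNERABLE PATTERN: reachable by logged-out users (wp_ajax_nopriv_) and it
// writes whatever option name/value the request supplies. Nothing verifies
// who is asking, so an option such as default_role can be rewritten.
function mmup_example_save_option_vulnerable() {
    $key   = isset( $_POST['key'] ) ? sanitize_key( $_POST['key'] ) : '';
    $value = isset( $_POST['value'] ) ? sanitize_text_field( wp_unslash( $_POST['value'] ) ) : '';
    update_option( $key, $value );
    wp_send_json_success();
}
add_action( 'wp_ajax_nopriv_mmup_save_option', 'mmup_example_save_option_vulnerable' );
add_action( 'wp_ajax_mmup_save_option', 'mmup_example_save_option_vulnerable' );

// HARDENED PATTERN: authenticated requests only, a CSRF nonce, an explicit
// capability check, and an allowlist of the options this handler may touch.
const MMUP_EXAMPLE_ALLOWED_OPTIONS = array( 'mmup_caption_prefix', 'mmup_max_caption_len' );

function mmup_example_save_option_hardened() {
    // 1. CSRF: the request must carry a nonce issued for this action.
    check_ajax_referer( 'mmup_save_option', 'nonce' );

    // 2. Authorization: only users allowed to manage site options may proceed.
    //    wp_send_json_error() terminates the request, so no further checks run.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => 'insufficient permissions' ), 403 );
    }

    // 3. Scope: never let the client choose an arbitrary option name.
    $key = isset( $_POST['key'] ) ? sanitize_key( $_POST['key'] ) : '';
    if ( ! in_array( $key, MMUP_EXAMPLE_ALLOWED_OPTIONS, true ) ) {
        wp_send_json_error( array( 'message' => 'unknown option' ), 400 );
    }

    $value = isset( $_POST['value'] ) ? sanitize_text_field( wp_unslash( $_POST['value'] ) ) : '';
    update_option( $key, $value );
    wp_send_json_success();
}
// Logged-in users only: no wp_ajax_nopriv_ registration for a privileged action.
add_action( 'wp_ajax_mmup_save_option', 'mmup_example_save_option_hardened' );
```

When reviewing a plugin, every `wp_ajax_nopriv_` or unauthenticated REST route that reaches `update_option()` deserves the three checks shown in the hardened handler.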
Recommendations:
For versions up to, and including, 3.11.0, update to a version higher than 3.11.0 to resolve the issue.
As a temporary workaround, consider disabling the `add_capto_img()` function until a patch is available.
Restrict access to the WordPress site to minimize the risk of exploitation.