PT-2025-1960 · WordPress · Media Manager For Userpro

Lucio Sá · Published 2025-01-30 · Updated 2025-02-28 · CVE-2024-12822

CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Media Manager for UserPro plugin for WordPress, versions up to and including 3.11.0

Description: The issue concerns unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the add_capto_img() function. This allows unauthenticated attackers to update arbitrary options on the WordPress site, potentially enabling them to set the default role for new registrations to administrator and gain administrative access to a vulnerable site.

Recommendations: For versions up to and including 3.11.0, update to a version higher than 3.11.0 to resolve the issue. As a temporary workaround, consider disabling the add_capto_img() function until a patch is available. Restrict access to the WordPress site to minimize the risk of exploitation.
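The weakness class described above (an AJAX handler that writes request data into wp_options without checking the caller's capability) is easiest to recognise next to its hardened form. The following is an added illustration for plugin developers and reviewers; it is not the plugin's own code, and the hook names, function names and option names (mm_save_setting, mm_max_upload_size, mm_allowed_types) are hypothetical.

```php
<?php
// Added illustration (not Media Manager for UserPro's code): an AJAX handler
// with a missing capability check, next to a hardened version.
// All hook, function and option names below are hypothetical.

// --- Vulnerable pattern -------------------------------------------------
// Registered for unauthenticated (nopriv) requests and calls update_option()
// on attacker-controlled option name and value. Because the option name is
// not restricted, any option can be overwritten, including default_role,
// which controls the role assigned to newly registered users.
add_action( 'wp_ajax_nopriv_mm_save_setting', 'mm_save_setting_insecure' );
add_action( 'wp_ajax_mm_save_setting', 'mm_save_setting_insecure' );

function mm_save_setting_insecure() {
    // No nonce, no capability check, no allow-list of option names.
    update_option( sanitize_text_field( $_POST['name'] ), $_POST['value'] );
    wp_send_json_success();
}

// --- Hardened pattern ---------------------------------------------------
// Only logged-in requests reach this handler (no nopriv hook), and the
// handler itself verifies intent, authorization and the option name.
add_action( 'wp_ajax_mm_save_setting', 'mm_save_setting_secure' );

function mm_save_setting_secure() {
    // 1. Anti-CSRF: the request must carry a nonce issued for this action;
    //    check_ajax_referer() dies with HTTP 403 if it is missing or invalid.
    check_ajax_referer( 'mm_save_setting', 'nonce' );

    // 2. Authorization: only users allowed to manage site options may write
    //    them. This is the check whose absence the advisory describes.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }

    // 3. Allow-list: the handler may touch only the options it owns, so a
    //    request can never name default_role or any other core option.
    $allowed = array( 'mm_max_upload_size', 'mm_allowed_types' );
    $name    = isset( $_POST['name'] ) ? sanitize_key( wp_unslash( $_POST['name'] ) ) : '';
    if ( ! in_array( $name, $allowed, true ) ) {
        wp_send_json_error( 'unknown option', 400 );
    }

    // 4. Sanitize the value before persisting it.
    $value = isset( $_POST['value'] ) ? sanitize_text_field( wp_unslash( $_POST['value'] ) ) : '';
    update_option( $name, $value );
    wp_send_json_success();
}
```

When auditing a plugin for this class of bug, look for every callback attached to a wp_ajax_nopriv_* hook (or to a REST route with a permissive permission_callback) and trace whether it reaches update_option(), update_user_meta() or similar writes without passing through current_user_can(). A handler that accepts the option name from the request is a red flag even when a capability check is present, since it widens the write to every option in the table.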

Fix

LPE

Missing Authorization

Weakness Enumeration

Related Identifiers

CVE-2024-12822

Affected Products

Media Manager For Userpro