UserPro Plugin for WordPress Exposed to Privilege Escalation Risk
CVE-2024-12822
9.8CRITICAL
What is CVE-2024-12822?
The Media Manager for UserPro plugin for WordPress has a critical vulnerability that allows unauthenticated attackers to modify data due to a missing capability check in the add_capto_img() function. This flaw permits the alteration of arbitrary options on the WordPress site, potentially enabling attackers to elevate their permissions to administrative levels. With this access, malicious users could configure the default registration role to administrator and exploit the vulnerability to commandeer the website.
Affected Version(s)
Media Manager for UserPro * <= 3.11.0