Vulnerabilities > Userproplugin > Media Manager

DATE CVE VULNERABILITY TITLE RISK
2025-01-30 CVE-2024-12821 Missing Authorization vulnerability in Userproplugin Media Manager
The Media Manager for UserPro plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the upm_upload_media() function in all versions up to, and including, 3.12.0.
network
low complexity
userproplugin CWE-862
6.5
6.5
2025-01-30 CVE-2024-12822 Missing Authorization vulnerability in Userproplugin Media Manager
The Media Manager for UserPro plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the add_capto_img() function in all versions up to, and including, 3.11.0.
network
low complexity
userproplugin CWE-862
critical
 9.8
9.8