Deluxethemes Media Manager For Userpro vulnerabilities
2 known vulnerabilities affecting deluxethemes/media_manager_for_userpro.
Total CVEs
2
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL1MEDIUM1
Vulnerabilities
Page 1 of 1
CVE-2024-12822P2CRITICALCVSS 9.8≤ 3.11.02025-01-30
CVE-2024-12822 [CRITICAL] CWE-862 CVE-2024-12822: The Media Manager for UserPro plugin for WordPress is vulnerable to unauthorized modification of dat
The Media Manager for UserPro plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the add_capto_img() function in all versions up to, and including, 3.11.0. This makes it possible for unauthenticated attackers to update arbitrary options on the WordPress
nvd
CVE-2024-12821P3MEDIUMCVSS 6.5≤ 3.12.02025-01-30
CVE-2024-12821 [MEDIUM] CWE-862 CVE-2024-12821: The Media Manager for UserPro plugin for WordPress is vulnerable to unauthorized modification of dat
The Media Manager for UserPro plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the upm_upload_media() function in all versions up to, and including, 3.12.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to u
nvd