I think I have found a hole in the media library permissions. Please see my topic at this link: Media upload permissions issue. Basically, a user can edit media that they are not the author of if they go to the post edit screen, click the link to upload a file, and then go to the media library tab. I have a snippet of code that has fixed this for me.