[wp-trac] [WordPress Trac] #5848: Any registered user can upload files in async-upload.php

[WordPress Trac]

#5848: Any registered user can upload files in async-upload.php
----------------------+-----------------------------------------------------
 Reporter:  xknown    |       Owner:  anonymous
     Type:  defect    |      Status:  new      
 Priority:  normal    |   Milestone:  2.5      
Component:  Security  |     Version:  2.5      
 Severity:  normal    |    Keywords:           
----------------------+-----------------------------------------------------
 There isn't capability checks in async-upload.php, so any registered user
 is able to upload files.

-- 
Ticket URL: <http://trac.wordpress.org/ticket/5848>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software