Title: [Plugin: uCan Post] Do not run the plugin! Security issue!
Last modified: August 20, 2016

---

# [Plugin: uCan Post] Do not run the plugin! Security issue!

 *  [ninetienne](https://wordpress.org/support/users/ninetienne/)
 * (@ninetienne)
 * [14 years, 9 months ago](https://wordpress.org/support/topic/plugin-ucan-post-do-not-run-the-plugin-security-issue/)
 * The plugin is facing serious security issue.
 * After it’s activated, all subscribers have “Media” tab in their dashboard, allowing
   to upload and see all the media files.
 * Even if you deactivate and uninstall the plugin, they can still get access to
   the Media library.
 * See more here:
 * [http://wordpress.org/support/topic/plugin-wp-hide-dashboard-media-tab-still-visible](http://wordpress.org/support/topic/plugin-wp-hide-dashboard-media-tab-still-visible)
 * No support from the developer though!
 * How do you actually hide the Media library from subscribers now?!
 * [http://wordpress.org/extend/plugins/ucan-post/](http://wordpress.org/extend/plugins/ucan-post/)

Viewing 1 replies (of 1 total)

 *  Plugin Author [cartpauj](https://wordpress.org/support/users/cartpauj/)
 * (@cartpauj)
 * [14 years, 8 months ago](https://wordpress.org/support/topic/plugin-ucan-post-do-not-run-the-plugin-security-issue/#post-2293045)
 * If you do not want users to have access to media, please find lines in the ucan-
   post-class.php file:
 *     ```
       $role = get_role('contributor');
             $role->add_cap('upload_files');
             $role = get_role('subscriber');
             $role->add_cap('upload_files');
             $role->add_cap('unfiltered_html');
       ```
   
 * Change them to this:
 *     ```
       $role = get_role('contributor');
             $role->remove_cap('upload_files');
             $role = get_role('subscriber');
             $role->remove_cap('upload_files');
             $role->remove_cap('unfiltered_html');
       ```
   
 * After changing these lines you will need to de-activate and re-activate the plugin
   before it will take affect.

Viewing 1 replies (of 1 total)

The topic ‘[Plugin: uCan Post] Do not run the plugin! Security issue!’ is closed
to new replies.

 * ![](https://s.w.org/plugins/geopattern-icon/ucan-post.svg)
 * [uCan Post](https://wordpress.org/plugins/ucan-post/)
 * [Frequently Asked Questions](https://wordpress.org/plugins/ucan-post/#faq)
 * [Support Threads](https://wordpress.org/support/plugin/ucan-post/)
 * [Active Topics](https://wordpress.org/support/plugin/ucan-post/active/)
 * [Unresolved Topics](https://wordpress.org/support/plugin/ucan-post/unresolved/)
 * [Reviews](https://wordpress.org/support/plugin/ucan-post/reviews/)

 * 1 reply
 * 2 participants
 * Last reply from: [cartpauj](https://wordpress.org/support/users/cartpauj/)
 * Last activity: [14 years, 8 months ago](https://wordpress.org/support/topic/plugin-ucan-post-do-not-run-the-plugin-security-issue/#post-2293045)
 * Status: not resolved