Media replace is a great feature, but please require it, or at least make an option to require it, to check WordPress capabilities. If a user doesn't have the capability to edit the media, they shouldn't be able to replace it either. Right now, if a user can view all media they can also replace media, even if they don't have edit capabilities. I feel this is a pretty big oversight, so for now I've unfortunately had to disable this potentially very beneficial feature.
- existing file
- access control
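One way the requested check could look on the server side, as an added example that is not the plugin's code or part of the original post. The action name, nonce name, `attachment_id` field and function names are hypothetical; the WordPress core calls are real.

```php
<?php
// Added example: action name, nonce name and function names are hypothetical.

/**
 * Return true only if the current user may edit this specific attachment.
 * 'edit_post' is a meta capability, so WordPress resolves it for the given
 * attachment ID rather than as a site-wide yes/no.
 */
function example_user_can_replace_media( $attachment_id ) {
	$attachment_id = absint( $attachment_id );

	// Reject missing IDs and IDs that are not media items at all.
	if ( ! $attachment_id || 'attachment' !== get_post_type( $attachment_id ) ) {
		return false;
	}

	return current_user_can( 'edit_post', $attachment_id );
}

/**
 * Hypothetical replace endpoint: authorize before touching the file.
 */
function example_handle_replace_media() {
	$attachment_id = isset( $_POST['attachment_id'] ) ? absint( $_POST['attachment_id'] ) : 0;

	// CSRF check tied to the attachment being replaced.
	check_admin_referer( 'example_replace_media_' . $attachment_id );

	// Being able to view the media library is not enough to overwrite a file.
	if ( ! example_user_can_replace_media( $attachment_id ) ) {
		wp_die(
			esc_html__( 'You are not allowed to replace this file.' ),
			'',
			array( 'response' => 403 )
		);
	}

	// Only past this point would the plugin's own replace routine run.
}
add_action( 'admin_post_example_replace_media', 'example_handle_replace_media' );
```

Hiding the replace link in the media library for users who fail the same check is a usability nicety; the server-side gate is what actually enforces the restriction.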