CVE-2023-6742

by Fred · 11/01/2024

The Gallery Plugin for WordPress – Envira Photo Gallery plugin for WordPress is vulnerable to unauthorized modification of data due to an improper capability check on the ‘envira_gallery_insert_images’ function in all versions up to, and including, 1.8.7.1. This makes it possible for authenticated attackers, with contributor access and above, to modify galleries on other users’ posts.

Date published : 2024-01-11

https://plugins.trac.wordpress.org/browser/envira-gallery-lite/trunk/includes/admin/ajax.php

https://plugins.trac.wordpress.org/changeset/3017115/envira-gallery-lite/tags/1.8.7.3/includes/admin/ajax.php

CVE-2023-6742

Similar

Recent Posts

Categories

CVE-2023-6742

Share this:

Similar

Recent Posts

Categories

Tags