CVE-2023-2562

2023-07-1205:15:09

CWE-862

[email protected]

web.nvd.nist.gov

cve-2023-2562

gallery metabox

wordpress

unauthorized access

data vulnerability

nvd

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

4.7 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

27.6%

JSON

The Gallery Metabox for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the refresh_metabox function in versions up to, and including, 1.5. This makes it possible for subscriber-level attackers to obtain a list of images attached to a post.

Affected configurations

Vulners

NVD

Node

billericksongallery_metaboxRange≤1.5

CPENameOperatorVersion
gallery-metabox_project:gallery-metaboxgallery-metabox project gallery-metaboxle1.5

CPE	Name	Operator	Version
gallery-metabox_project:gallery-metabox	gallery-metabox project gallery-metabox	le	1.5

CNA Affected

[
  {
    "vendor": "billerickson",
    "product": "Gallery Metabox",
    "versions": [
      {
        "version": "*",
        "status": "affected",
        "lessThanOrEqual": "1.5",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  }
]