Broken Access Control vulnerability leading to plugin settings change discovered by Tien Nguyen Anh (Patchstack Alliance) in WordPress Photospace Gallery plugin (versions <= 2.3.5).
No patched version is available. No reply from the vendor.