Lucene search

PRIOn knowledge basePRION:CVE-2023-6742

HistoryJan 11, 2024 - 9:15 a.m.

Input validation

2024-01-1109:15:00

PRIOn knowledge base

www.prio-n.com

wordpress

plugin

vulnerability

data modification

capability check

authenticated attackers

contributor access

6.7 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

20.4%

JSON

The Gallery Plugin for WordPress – Envira Photo Gallery plugin for WordPress is vulnerable to unauthorized modification of data due to an improper capability check on the ‘envira_gallery_insert_images’ function in all versions up to, and including, 1.8.7.1. This makes it possible for authenticated attackers, with contributor access and above, to modify galleries on other users’ posts.

CPENameOperatorVersion
envira_galleryle1.8.7.1

CPE	Name	Operator	Version
	envira_gallery	le	1.8.7.1

References

plugins.trac.wordpress.org/browser/envira-gallery-lite/trunk/includes/admin/ajax.php

plugins.trac.wordpress.org/changeset/3017115/envira-gallery-lite/tags/1.8.7.3/includes/admin/ajax.php

www.wordfence.com/threat-intel/vulnerabilities/id/40655278-6915-4a76-ac2d-bb161d3cee92?source=cve