2 matches found
WordPress Envira Photo Gallery plugin <= 1.11.0 - Missing Authorization to Authenticated (Contributor+) Gallery Conversion vulnerability
Missing Authorization to Authenticated Contributor+ Gallery Conversion vulnerability discovered by Lucas Montes Nirox in WordPress Plugin Envira Photo Gallery versions = 1.11.0...
CVE-2025-11448 Gallery Plugin for WordPress – Envira Photo Gallery <= 1.11.0 - Missing Authorization to Authenticated (Contributor+) Gallery Conversion
The Gallery Plugin for WordPress – Envira Photo Gallery plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the '/envira-convert/v1/bulk-convert' REST API endpoint in all versions up to, and including, 1.11.0. This makes it possible for...