WordPress Meta-box GalleryMeta plugin <= 3.0.1 - Missing Authorization to Authenticated (Author+) Gallery Management vulnerability

Missing Authorization to Authenticated Author+ Gallery Management vulnerability discovered by Kazuma Matsumoto - GMO Cybersecurity by IERAE, Inc. in WordPress Plugin Meta-box GalleryMeta versions = 3.0.1...

WordPress Meta-box GalleryMeta plugin <= 3.0.1 - Authenticated (Editor+) Stored Cross-Site Scripting via Image Caption vulnerability

Authenticated Editor+ Stored Cross-Site Scripting via Image Caption vulnerability discovered by Kazuma Matsumoto - GMO Cybersecurity by IERAE, Inc. in WordPress Plugin Meta-box GalleryMeta versions = 3.0.1...

CVE-2026-1302

The Meta-box GalleryMeta plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with editor-level permissions a...

CVE-2026-1302

The Meta-box GalleryMeta plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with editor-level permissions a...

CVE-2026-0687

The Meta-box GalleryMeta plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'mbgallery' custom post type in all versions up to, and including, 3.0.1. This makes it possible for authenticated attackers, with Author-level access and abov...

CVE-2026-1302

CVE-2026-1302 — Meta-box GalleryMeta (WordPress) is a stored cross-site scripting (XSS) vulnerability affecting versions up to 3.0.1 via admin/settings input, exploitable by authenticated users with Editor+ privileges. Impact is limited to multisite installs and sites where unfiltered_html is dis...

CVE-2026-0687 Meta-box GalleryMeta <= 3.0.1 - Missing Authorization to Authenticated (Author+) Gallery Management

The Meta-box GalleryMeta plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'mbgallery' custom post type in all versions up to, and including, 3.0.1. This makes it possible for authenticated attackers, with Author-level access and abov...

CVE-2026-0687 Meta-box GalleryMeta <= 3.0.1 - Missing Authorization to Authenticated (Author+) Gallery Management

The Meta-box GalleryMeta plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'mbgallery' custom post type in all versions up to, and including, 3.0.1. This makes it possible for authenticated attackers, with Author-level access and abov...

CVE-2026-0687

Summary of CVE-2026-0687 (Meta-box GalleryMeta, WordPress) : The Meta-box GalleryMeta plugin is vulnerable to unauthorized data modification due to a missing capability check on the mb_gallery custom post type, affecting all versions up to and including 3.0.1. This allows authenticated attackers ...

WordPress plugin Meta-box GalleryMeta: Cross-site scripting vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

WordPress plugin Meta-box GalleryMeta has a security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

PT-2026-4598

The Meta-box GalleryMeta plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with editor-level permissions a...

PT-2026-4594

The Meta-box GalleryMeta plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'mb gallery' custom post type in all versions up to, and including, 3.0.1. This makes it possible for authenticated attackers, with Author-level access and...