4 matches found
CVE-2026-5347
The HM Books Gallery plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 4.8.0. This is due to the absence of capability checks and nonce verification in the admin_init hook that handles the permalink settings update at lines 205-209 of wp-books-gallery.php...
CVE-2023-23705
Cross-Site Request Forgery (CSRF) vulnerability in HM Plugin WordPress Books Gallery plugin <= 4.4.8 versions...
CVE-2023-23705
CVE-2023-23705 affects the HM Plugin WordPress Books Gallery plugin, versions
WordPress Books Gallery Plugin <= 4.4.8 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Books Gallery
Type: Plugin
Vulnerable versions: <= 4.4.8
Fixed in: 4.4.9
OWASP Top 10: A5: Broken Access Control
Classification: Cross Site Request Forgery (CSRF)
CVE: CVE-2023-23705
Patch priority: Low
CVSS severity: Low (4.3)
PSID: db5a6b5005b4
Credits: yuyudhn
Required...