2 matches found
CVE-2024-8437 WP Easy Gallery – WordPress Gallery Plugin <= 4.8.5 - Missing Authorization to Authenticated (Subscriber+) Gallery Manipulation
The WP Easy Gallery – WordPress Gallery Plugin plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions hooked via AJAX like wpegsettings and wpegaddgallery in all versions up to, and including, 4.8.5. This makes it possible for authenticate...
WordPress WP Easy Gallery Plugin <= 4.8.5 is vulnerable to Broken Access Control
Software WP Easy Gallery Type Plugin Vulnerable versions = 4.8.5 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-8437 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 29e098328a72 Credits Lucio Sá Required privilege...