The plugin does not correctly implement capability checks on the refresh_metabox function, leading to unauthorized access of data. As a result, subscribers can obtain a list of images attached to a post.
CPE | Name | Operator | Version |
---|---|---|---|
gallery-metabox | eq | * |