CVE-2023-6742

The Gallery Plugin for WordPress – Envira Photo Gallery plugin for WordPress is vulnerable to unauthorized modification of data due to an improper capability check on the 'envira_gallery_insert_images' function in all versions up to, and including, 1.8.7.1. This makes it possible for authenticated attackers, with contributor access and above, to modify galleries on other users' posts.
Configurations

Configuration 1 (hide)

cpe:2.3:a:enviragallery:envira_gallery:*:*:*:*:lite:wordpress:*:*

History

21 Nov 2024, 08:44

Type Values Removed Values Added
References () https://plugins.trac.wordpress.org/browser/envira-gallery-lite/trunk/includes/admin/ajax.php - Patch () https://plugins.trac.wordpress.org/browser/envira-gallery-lite/trunk/includes/admin/ajax.php - Patch
References () https://plugins.trac.wordpress.org/changeset/3017115/envira-gallery-lite/tags/1.8.7.3/includes/admin/ajax.php - Patch () https://plugins.trac.wordpress.org/changeset/3017115/envira-gallery-lite/tags/1.8.7.3/includes/admin/ajax.php - Patch
References () https://www.wordfence.com/threat-intel/vulnerabilities/id/40655278-6915-4a76-ac2d-bb161d3cee92?source=cve - Third Party Advisory () https://www.wordfence.com/threat-intel/vulnerabilities/id/40655278-6915-4a76-ac2d-bb161d3cee92?source=cve - Third Party Advisory

17 Jan 2024, 20:39

Type Values Removed Values Added
New CVE

Information

Published : 2024-01-11 09:15

Updated : 2024-11-21 08:44


NVD link : CVE-2023-6742

Mitre link : CVE-2023-6742

CVE.ORG link : CVE-2023-6742


JSON object : View

Products Affected

enviragallery

  • envira_gallery
CWE
CWE-754

Improper Check for Unusual or Exceptional Conditions