7.6
CVE-2019-25149
- EPSS 0.61%
- Veröffentlicht 07.06.2023 02:15:10
- Zuletzt bearbeitet 08.04.2026 19:17:32
- Quelle security@wordfence.com
- CVE-Watchlists
- Unerledigt
LoginGallery Images Ape <= 2.0.6 - Authenticated Plugin Deactivation
Gallery Images Ape <= 2.0.6 - Authenticated Plugin Deactivation
The Gallery Images Ape plugin for WordPress is vulnerable to Arbitrary Plugin Deactivation in versions up to, and including, 2.0.6. This allows authenticated attackers with any capability level to deactivate any plugin on the site, including plugins necessary to site functionality or security.
Mögliche Gegenmaßnahme
Gallery Images Ape: Update to version 2.0.7, or a newer patched version
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Robogallery ≫ Gallery Images Ape SwPlatformwordpress Version <= 2.0.6
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
Gallery Images Ape
Version
[*, 2.0.7)
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.61% | 0.443 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.3 | 2.8 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
|
| security@wordfence.com | 7.6 | 2.8 | 4.7 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
|
CWE-285 Improper Authorization
The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.
https://blog.nintechnet.com/wordpress-ape-gallery-plugin-fixed-authenticated-arbitrary-plugin-deactivation-vulnerability/
https://www.wordfence.com/threat-intel/vulnerabilities/id/dfd6c2b8-b00c-49d1-930f-50397e742ac5?source=cve
https://www.wordfence.com/threat-intel/vulnerabilities/id/dfd6c2b8-b00c-49d1-930f-50397e742ac5