4.3
CVE-2023-6742
- EPSS 0.13%
- Veröffentlicht 11.01.2024 09:15:51
- Zuletzt bearbeitet 21.11.2024 08:44:27
- Quelle security@wordfence.com
- CVE-Watchlists
- Unerledigt
LoginEnvira Gallery Lite <= 1.8.7.2 - Missing Authorization to Gallery Modification via envira_gallery_insert_images
The Gallery Plugin for WordPress – Envira Photo Gallery plugin for WordPress is vulnerable to unauthorized modification of data due to an improper capability check on the 'envira_gallery_insert_images' function in all versions up to, and including, 1.8.7.1. This makes it possible for authenticated attackers, with contributor access and above, to modify galleries on other users' posts.
Mögliche Gegenmaßnahme
Envira Gallery for WordPress – Image Photo Gallery, Video Gallery, Slideshows & More: Update to version 1.8.7.3, or a newer patched version
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
Envira Gallery for WordPress – Image Photo Gallery, Video Gallery, Slideshows & More
Version
*-1.8.7.2
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Enviragallery ≫ Envira Gallery SwEditionlite SwPlatformwordpress Version <= 1.8.7.1
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.13% | 0.328 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.3 | 2.8 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
|
| security@wordfence.com | 4.3 | 2.8 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
|
CWE-754 Improper Check for Unusual or Exceptional Conditions
The product does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day to day operation of the product.