CVE-2023-6742 Information

Description

The Gallery Plugin for WordPress – Envira Photo Gallery plugin for WordPress is vulnerable to unauthorized modification of data due to an improper capability check on the ’envira_gallery_insert_images’ function in all versions up to and including 1.8.7.1. This makes it possible for authenticated attackers with contributor access and above to modify galleries on other users’ posts.

Reference

https://www.wordfence.com/threat-intel/vulnerabilities/id/40655278-6915-4a76-ac2d-bb161d3cee92?source=cve https://plugins.trac.wordpress.org/browser/envira-gallery-lite/trunk/includes/admin/ajax.php https://plugins.trac.wordpress.org/changeset/3017115/envira-gallery-lite/tags/1.8.7.3/includes/admin/ajax.php