WordPress Plugin Vulnerabilities

Envira Gallery Lite < 1.8.7.3 - Missing Authorization to Gallery Modification via envira_gallery_insert_images

Description

The plugin is vulnerable to unauthorized modification of data due to an improper capability check on the 'envira_gallery_insert_images' function in all versions up to, and including, 1.8.7.1. This makes it possible for authenticated attackers, with contributor access and above, to modify galleries on other users' posts.

Affects Plugins

Plugin icon
envira-gallery-lite
Fixed in 1.8.7.3

References

CVE
CVE-2023-6742
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/40655278-6915-4a76-ac2d-bb161d3cee92

Classification

Type
NO AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-862
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
Nex Team
Verified
No
WPVDB ID
3d5da8f8-6d1f-4272-a026-0566f7c64002

Timeline

Publicly Published
2024-01-08 (about 2 years ago)
Added
2024-01-11 (about 2 years ago)
Last Updated
2024-01-11 (about 2 years ago)

Other

Published
Title
Published
2026-02-17
Title
Gutenberg Blocks with AI by Kadence WP < 3.6.2 - Contributor+ Unauthorized Media Upload
Published
2025-09-03
Title
Surfer < 1.6.5.584 - Missing Authorization
Published
2023-11-15
Title
MP3 Audio Player for Music, Radio & Podcast by Sonaar < 4.10.1 - Missing Authorization to Template Import
Published
2026-04-16
Title
Elated Listing < 1.5 - Missing Authorization
Published
2025-12-31
Title
Couponer for Elementor <= 1.1.7 - Missing Authorization