Gallery Plugin for WordPress – Envira Photo Gallery < 1.12.0 – Missing Authorization to Authenticated (Contributor+) Gallery Conversion | CVE 2025-11448 | Plugin Vulnerabilities

Description

The Gallery Plugin for WordPress – Envira Photo Gallery plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the '/envira-convert/v1/bulk-convert' REST API endpoint in all versions up to, and including, 1.11.0. This makes it possible for authenticated attackers, with contributor-level access and above, to convert galleries to Envira galleries.

Affects Plugins

envira-gallery-lite

Fixed in 1.12.0

References

CVE

URL

https://www.wordfence.com/threat-intel/vulnerabilities/id/900e6528-f350-4e1b-80a5-aa01248323a8

Classification

Type

NO AUTHORISATION

OWASP top 10

A5: Broken Access Control

CWE

CVSS

Miscellaneous

Original Researcher

Lucas Montes (Nirox)

Verified

No

WPVDB ID

8f5da666-da85-40d4-9027-8449f26187ca

Timeline

Publicly Published

2025-11-07 (about 6 months ago)

Added

2025-11-07 (about 6 months ago)

Last Updated

2025-11-08 (about 6 months ago)

Other

Published

Title

Published

2023-12-27

Title

Slider by Soliloquy < 2.7.3 - Subscriber+ Slider Data Access

Published

2025-11-20

Title

Checkbox < 2.8.11 - Missing Authorization to Unauthenticated Log Clearing

Published

2024-01-05

Title

Booster Plus for WooCommerce < 7.1.2 - Missing Authorization to Order Information Disclosure

Published

2024-04-22

Title

WP Club Manager < 2.2.12 - Missing Authorization

Published

2024-01-05

Title

LightStart < 2.6.9 - Subscriber+ Page design Update