WordPress Plugin Vulnerabilities

Photo Gallery – Image Gallery by Ape <= 2.0.6 - Authenticated Arbitrary Plugin Deactivation

Description

The Photo Gallery – Image Gallery by Ape WordPress plugin was affected by an Authenticated Arbitrary Plugin Deactivation security vulnerability.

Affects Plugins

Plugin icon
gallery-images-ape
Fixed in 2.0.7

References

CVE
CVE-2019-25149
URL
https://blog.nintechnet.com/wordpress-ape-gallery-plugin-fixed-authenticated-arbitrary-plugin-deactivation-vulnerability/

Classification

Type
PRIVESC
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-269

Miscellaneous

Original Researcher
Jerome Bruandet (Nintechnet.com)
Verified
No
WPVDB ID
ed98b0de-c4f6-4306-97c6-82f8fe2e5b3f

Timeline

Publicly Published
2019-12-30 (about 6 years ago)
Added
2019-12-30 (about 6 years ago)
Last Updated
2023-06-08 (about 2 years ago)

Other

Published
Title
Published
2025-07-04
Title
Service Finder Booking <= 6.0 - Unauthenticated Privilege Escalation
Published
2025-05-12
Title
Frontend Dashboard 1.5.10 - 2.2.7 - Subscriber+ Account Takeover/Privilege Escalation via ajax_request Function
Published
2025-10-11
Title
Advanced scrollbar < 1.1.9 - Authenticated (Subscriber+) Privilege Escalation
Published
2025-08-18
Title
Real Spaces - WordPress Properties Directory Theme < 3.6.1 - Unauthenticated Privilege Escalation to Administrator via 'imic_agent_register'
Published
2024-09-17
Title
Houzez < 3.3.0 - Subscriber+ Privilege Escalation