PT-2025-51064 · WordPress · Gallery Blocks With Lightbox
Karol Paciorek
·
Published
2025-12-13
·
Updated
2025-12-13
·
CVE-2025-14288
CVSS v3.1
4.3
Medium
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
The Gallery Blocks with Lightbox versions prior to 3.3.1
Description
The Gallery Blocks with Lightbox WordPress plugin is susceptible to unauthorized modification of plugin settings. This occurs because the plugin incorrectly uses the edit_posts capability check instead of manage_options for the update_option action type within the pgc_sgb_action_wizard AJAX handler. Authenticated attackers possessing Contributor-level access or higher can modify arbitrary plugin settings prefixed with pgc_sgb_*.
Recommendations
Update The Gallery Blocks with Lightbox to version 3.3.1 or later.
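For plugin authors auditing similar AJAX handlers, the following added example (not the plugin's source and not part of the original advisory) sketches the per-action-type capability check the description implies. The handler name, nonce action, request fields (type, name, value) and the save_draft action type are assumptions made for illustration.

```php
<?php
// Illustrative sketch only: NOT the plugin's source. Request field names
// ('type', 'name', 'value'), the nonce action and the 'save_draft' action
// type are assumptions made for this example.

// Required capability per action type. The flaw described above is a single
// edit_posts check covering every type, including the settings write.
const PGC_SGB_EXAMPLE_CAPS = array(
    'update_option' => 'manage_options', // settings change: administrators only
    'save_draft'    => 'edit_posts',     // hypothetical content-level action
);

function pgc_sgb_example_action_wizard() {
    // CSRF protection; terminates the request if the nonce is invalid.
    check_ajax_referer( 'pgc_sgb_example_nonce', 'nonce' );

    $type = isset( $_POST['type'] ) ? sanitize_key( wp_unslash( $_POST['type'] ) ) : '';

    // Unknown action types are rejected rather than given a default capability.
    if ( ! array_key_exists( $type, PGC_SGB_EXAMPLE_CAPS ) ) {
        wp_send_json_error( array( 'message' => 'Unknown action type' ), 400 );
    }
    // Authorization is decided by the action type, not by the handler as a whole.
    if ( ! current_user_can( PGC_SGB_EXAMPLE_CAPS[ $type ] ) ) {
        wp_send_json_error( array( 'message' => 'Forbidden' ), 403 );
    }

    if ( 'update_option' === $type ) {
        $name = isset( $_POST['name'] ) ? sanitize_key( wp_unslash( $_POST['name'] ) ) : '';
        // Keep writes inside the plugin's own option namespace.
        if ( 0 !== strpos( $name, 'pgc_sgb_' ) ) {
            wp_send_json_error( array( 'message' => 'Option not allowed' ), 400 );
        }
        $value = isset( $_POST['value'] ) ? sanitize_text_field( wp_unslash( $_POST['value'] ) ) : '';
        update_option( $name, $value );
    }
    wp_send_json_success();
}
add_action( 'wp_ajax_pgc_sgb_example_action_wizard', 'pgc_sgb_example_action_wizard' );
```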
Fix
Missing Authorization
Weakness Enumeration
Related Identifiers
Affected Products
Gallery Blocks With Lightbox