WordPress · Gallery Blocks With Lightbox · CVE-2025-14288
**Name of the Vulnerable Software and Affected Versions**
Gallery Blocks with Lightbox, versions prior to 3.3.1
**Description**
The Gallery Blocks with Lightbox WordPress plugin is susceptible to unauthorized modification of plugin settings. This occurs because the plugin incorrectly uses the `edit_posts` capability check instead of `manage_options` for the `update_option` action type within the `pgc_sgb_action_wizard` AJAX handler. Authenticated attackers possessing Contributor-level access or higher can modify arbitrary plugin settings prefixed with `pgc_sgb_*`.
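The capability mismatch described above, shown as an added sketch of a hardened AJAX handler; this is not the plugin's source code. The handler name, the request fields (`type`, `name`, `value`, `nonce`), the `create_post` action type and the option allowlist are all hypothetical; only the `pgc_sgb_` prefix and the two capabilities come from the description.

```php
<?php
// Added illustration: hypothetical handler, not the plugin's source.
// Request field names, 'create_post' and the allowlist are assumptions.

const EXAMPLE_OPTION_PREFIX = 'pgc_sgb_';

// Capability required per action type; anything not listed is rejected.
const EXAMPLE_ACTION_CAPS = array(
    'update_option' => 'manage_options', // settings change: administrators only
    'create_post'   => 'edit_posts',     // hypothetical content action
);

// Hypothetical allowlist of setting names (without prefix) this endpoint may write.
const EXAMPLE_WRITABLE_OPTIONS = array( 'lightbox', 'skin' );

function example_action_wizard() {
    // CSRF protection: reject requests without a valid nonce.
    check_ajax_referer( 'example_action_wizard', 'nonce' );

    $type = isset( $_POST['type'] ) ? sanitize_key( wp_unslash( $_POST['type'] ) ) : '';

    // Vulnerable pattern from the description: one blanket check for all types,
    //   if ( ! current_user_can( 'edit_posts' ) ) { ... }
    // which lets a Contributor reach the update_option branch.
    // Hardened pattern: look up the capability for the requested action type.
    if ( ! array_key_exists( $type, EXAMPLE_ACTION_CAPS ) ) {
        wp_send_json_error( 'Unknown action type', 400 );
    }
    if ( ! current_user_can( EXAMPLE_ACTION_CAPS[ $type ] ) ) {
        wp_send_json_error( 'Forbidden', 403 );
    }

    if ( 'update_option' === $type ) {
        $name = isset( $_POST['name'] ) ? sanitize_key( wp_unslash( $_POST['name'] ) ) : '';
        // Do not accept arbitrary names under the prefix; require an allowlisted key.
        if ( ! in_array( $name, EXAMPLE_WRITABLE_OPTIONS, true ) ) {
            wp_send_json_error( 'Setting not writable', 400 );
        }
        $value = isset( $_POST['value'] ) ? sanitize_text_field( wp_unslash( $_POST['value'] ) ) : '';
        update_option( EXAMPLE_OPTION_PREFIX . $name, $value );
        wp_send_json_success();
    }

    wp_send_json_error( 'Not implemented in this sketch', 501 );
}
add_action( 'wp_ajax_example_action_wizard', 'example_action_wizard' );
```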
**Recommendations**
Update Gallery Blocks with Lightbox to version 3.3.1 or later.