WordPress · Envira Photo Gallery · CVE-2023-6742
**Name of the Vulnerable Software and Affected Versions**
Envira Photo Gallery plugin for WordPress versions up to, and including, 1.8.7.1
**Description**
The issue allows authenticated attackers with contributor access and above to modify galleries on other users' posts due to an improper capability check on the `envira_gallery_insert_images` function.
**Recommendations**
If you are running a version up to, and including, 1.8.7.1, update to a version higher than 1.8.7.1 to resolve the issue. As a temporary workaround until the update is applied, consider restricting access to the `envira_gallery_insert_images` function to prevent unauthorized modifications.
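
One way to apply the temporary workaround, as an added example that is not the plugin's own code or the vendor's fix: a must-use plugin that enforces a per-post capability check before the vulnerable handler runs. It assumes the function is reached through an admin-ajax action named `envira_gallery_insert_images` and that the target post ID arrives in a `post_id` POST field; confirm both against the installed plugin source before relying on it. The `eig_guard_*` names are hypothetical.

```php
<?php
/**
 * Plugin Name: Envira insert-images guard (temporary workaround)
 * Added example, not Envira's code. Place in wp-content/mu-plugins/.
 */

// ASSUMPTION: the function is exposed as an admin-ajax action of this name.
const EIG_GUARD_ACTION = 'envira_gallery_insert_images';
// ASSUMPTION: the target gallery/post ID is sent in this POST field.
const EIG_GUARD_ID_FIELD = 'post_id';

// Priority 0 runs before a handler registered at the default priority 10.
add_action( 'wp_ajax_' . EIG_GUARD_ACTION, 'eig_guard_check', 0 );
// Fail closed for unauthenticated callers as well.
add_action( 'wp_ajax_nopriv_' . EIG_GUARD_ACTION, 'eig_guard_deny', 0 );

function eig_guard_check() {
    $post_id = isset( $_POST[ EIG_GUARD_ID_FIELD ] )
        ? absint( wp_unslash( $_POST[ EIG_GUARD_ID_FIELD ] ) )
        : 0;

    // Object-level check: 'edit_post' is a meta capability that WordPress
    // resolves per post, so a contributor passes only for their own posts
    // and needs edit_others_posts for anyone else's.
    if ( 0 === $post_id || ! current_user_can( 'edit_post', $post_id ) ) {
        eig_guard_deny( $post_id );
    }
    // Authorized: return so the plugin's handler runs as usual.
}

function eig_guard_deny( $post_id = 0 ) {
    // Log the blocked attempt so it can be reviewed later.
    error_log( sprintf(
        '[eig-guard] blocked %s: user=%d post=%d ip=%s',
        EIG_GUARD_ACTION,
        get_current_user_id(),
        absint( $post_id ),
        isset( $_SERVER['REMOTE_ADDR'] ) ? $_SERVER['REMOTE_ADDR'] : '-'
    ) );
    // Sends a JSON error with HTTP 403 and terminates the request.
    wp_send_json_error( array( 'message' => 'Not allowed to edit this gallery.' ), 403 );
}
```

Remove the guard once the plugin has been updated past 1.8.7.1; the `[eig-guard]` entries in the PHP error log show which accounts attempted edits on posts they do not own.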