CVE-2023-0441

Name of the Vulnerable Software and Affected Versions The Gallery Blocks with Lightbox WordPress plugin versions prior to 3.0.8

Description The issue concerns an AJAX endpoint in the plugin that can be accessed by any authenticated user, including those with a subscriber role. This endpoint's callback function allows for various actions, most notably reading and updating WordPress options. A potential exploit could enable registration with a default administrator user role, posing a significant security risk.

Recommendations For versions prior to 3.0.8, update to version 3.0.8 or later to resolve the issue. As a temporary workaround, consider restricting access to the AJAX endpoint until the update can be applied.