PT-2024-15072 · WordPress · Envira Photo Gallery
Nex Team +1 · Published 2024-01-11 · Updated 2024-01-17 · CVE-2023-6742
CVSS v3.1: 4.3 Medium
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Envira Photo Gallery plugin for WordPress versions up to, and including, 1.8.7.1
Description
The issue allows authenticated attackers with contributor access and above to modify galleries on other users' posts due to an improper capability check on the envira gallery insert images function.
Recommendations
For versions up to, and including, 1.8.7.1, update to a version higher than 1.8.7.1 to resolve the issue. As a temporary workaround, consider restricting access to the envira gallery insert images function to prevent unauthorized modifications.
Fix
Missing Authorization
Improper Check for Exceptional Conditions
Related Identifiers
Affected Products
Envira Photo Gallery