CVE-2024-3268

Name of the Vulnerable Software and Affected Versions The YouTube Video Gallery by YouTube Showcase – Video Gallery Plugin for WordPress versions up to, and including, 3.3.6

Description The issue allows unauthorized modification of data due to a missing capability check on the emd form builder lite submit form function. This makes it possible for unauthenticated attackers to create arbitrary posts or pages.

Recommendations For versions up to, and including, 3.3.6, update to a version higher than 3.3.6 to resolve the issue. As a temporary workaround, consider disabling the emd form builder lite submit form function until a patch is available.