PT-2025-51064 · WordPress · Gallery Blocks With Lightbox
Karol Paciorek · Published 2025-12-13 · Updated 2025-12-13 · CVE-2025-14288
CVSS v3.1: 4.3 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Gallery Blocks with Lightbox, versions prior to 3.3.1
Description
The Gallery Blocks with Lightbox WordPress plugin is susceptible to unauthorized modification of plugin settings. This occurs because the plugin incorrectly uses the edit_posts capability check instead of manage_options for the update_option action type within the pgc_sgb_action_wizard AJAX handler. Authenticated attackers possessing Contributor-level access or higher can modify arbitrary plugin settings prefixed with pgc_sgb_*.
Recommendations
Update Gallery Blocks with Lightbox to version 3.3.1 or later.
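For developers reviewing similar handlers, the authorization pattern the description refers to is sketched below as an added example. It is not the plugin's source code or its actual patch. The handler name, nonce name, request fields and option names are hypothetical; only the capability names and the pgc_sgb_ prefix come from the advisory.

```php
<?php
// Added illustration, NOT the plugin's code. All names prefixed "example" are hypothetical.

// Constructed allow-list: the only options this handler may ever write.
const EXAMPLE_WRITABLE_OPTIONS = array(
    'pgc_sgb_example_skin',
    'pgc_sgb_example_lightbox',
);

add_action( 'wp_ajax_example_action_wizard', 'example_action_wizard' );

function example_action_wizard() {
    // Reject requests that do not carry a valid nonce (CSRF protection).
    check_ajax_referer( 'example_wizard_nonce', 'nonce' );

    $type = isset( $_POST['type'] ) ? sanitize_key( wp_unslash( $_POST['type'] ) ) : '';

    // Choose the capability per action type. The weakness in the advisory is
    // applying 'edit_posts' (held by Contributors) to the settings-write branch,
    // which must require 'manage_options' (Administrators by default).
    $required_cap = ( 'update_option' === $type ) ? 'manage_options' : 'edit_posts';

    if ( ! current_user_can( $required_cap ) ) {
        wp_send_json_error( array( 'message' => 'Forbidden' ), 403 );
    }

    if ( 'update_option' === $type ) {
        $name  = isset( $_POST['name'] ) ? sanitize_key( wp_unslash( $_POST['name'] ) ) : '';
        $value = isset( $_POST['value'] ) ? sanitize_text_field( wp_unslash( $_POST['value'] ) ) : '';

        // A prefix match alone would let the caller write any prefixed option;
        // require an exact match against the allow-list instead.
        if ( ! in_array( $name, EXAMPLE_WRITABLE_OPTIONS, true ) ) {
            wp_send_json_error( array( 'message' => 'Unknown option' ), 400 );
        }

        update_option( $name, $value );
        wp_send_json_success( array( 'updated' => $name ) );
    }

    // Other action types (content-level operations) would be handled here.
    wp_send_json_error( array( 'message' => 'Unsupported action type' ), 400 );
}
```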
Fix
Missing Authorization
Affected Products
Gallery Blocks With Lightbox