PT-2026-20602 · WordPress · Wp Audio Gallery

Published: 2026-02-19 · Updated: 2026-02-19 · CVE-2025-13603

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

WP AUDIO GALLERY versions prior to 2.1

Description

The WP AUDIO GALLERY plugin for WordPress is susceptible to an unauthorized arbitrary file read issue in versions up to 2.0. This is caused by inadequate capability checks and a lack of nonce verification within the wpag htaccess callback function. Authenticated attackers with subscriber-level access or higher can overwrite the site's .htaccess file with arbitrary content, potentially leading to arbitrary file read on the server, depending on the server configuration.

Recommendations

Update WP AUDIO GALLERY to version 2.1 or later.
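
For plugin authors reviewing similar handlers, the following added example (not the WP AUDIO GALLERY source and not the vendor's patch) shows the two checks the description says were missing, plus writing only fixed, server-side rules. It assumes the callback is an AJAX action; the action name, function name, `mode` parameter, directory and rule block are hypothetical.

```php
<?php
// Added illustration with hypothetical names; not code from the plugin.
add_action( 'wp_ajax_example_htaccess_action', 'example_htaccess_callback' );

function example_htaccess_callback() {
    // 1. Nonce check: rejects forged cross-site requests. With the third
    //    argument false, check_ajax_referer() returns false instead of dying.
    if ( ! check_ajax_referer( 'example_htaccess_action', 'nonce', false ) ) {
        wp_send_json_error( array( 'message' => 'Invalid nonce.' ), 403 );
    }

    // 2. Capability check: wp_ajax_* hooks fire for every logged-in user,
    //    subscribers included, so the handler must test a capability itself.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => 'Forbidden.' ), 403 );
    }

    // 3. Never copy request data into .htaccess. The request only selects
    //    one of the fixed rule sets below (constructed sample rules).
    $mode  = isset( $_POST['mode'] ) ? sanitize_key( wp_unslash( $_POST['mode'] ) ) : '';
    $rules = array(
        'protect'   => array(
            '<FilesMatch "\.(mp3|wav|ogg)$">',
            'Require all denied',
            '</FilesMatch>',
        ),
        'unprotect' => array(),
    );
    if ( ! array_key_exists( $mode, $rules ) ) {
        wp_send_json_error( array( 'message' => 'Unknown mode.' ), 400 );
    }

    // insert_with_markers() rewrites only the block between its own
    // "# BEGIN" / "# END" markers and leaves the rest of the file untouched.
    require_once ABSPATH . 'wp-admin/includes/misc.php';
    $upload = wp_upload_dir();
    // Hypothetical plugin-owned directory, assumed to exist already.
    $file = trailingslashit( $upload['basedir'] ) . 'example-audio/.htaccess';

    if ( ! insert_with_markers( $file, 'Example Audio Rules', $rules[ $mode ] ) ) {
        wp_send_json_error( array( 'message' => 'Could not write rules.' ), 500 );
    }
    wp_send_json_success();
}
```

Each `wp_send_json_error()` call terminates the request, so no later step runs after a failed check.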

Fix

Missing Authorization

Weakness Enumeration

Related Identifiers

CVE-2025-13603

Affected Products

Wp Audio Gallery