CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-23518 – WordPress ACF Photo Gallery Field plugin <= 2.6 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2024-23518
Missing Authorization vulnerability in Navneil Naicker ACF Photo Gallery Field.This issue affects ACF Photo Gallery Field: from n/a through 2.6. Vulnerabilidad de autorización faltante en Navneil Naicker ACF Photo Gallery Field. Este problema afecta a ACF Photo Gallery Field: desde n/a hasta 2.6. The ACF Photo Gallery Field plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the apgf_update_donation function in versions up to and including 2.6. This makes it possible for authenticated attackers, with subscriber access and above, to update a plugin option. • https://patchstack.com/database/vulnerability/navz-photo-gallery/wordpress-acf-photo-gallery-field-plugin-2-5-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •