CVE-2023-45631 – Responsive Image Gallery, Gallery Album <= 2.0.3 - Missing Authorization via Multiple AJAX Actions
https://notcve.org/view.php?id=CVE-2023-45631
The Responsive Image Gallery, Gallery Album plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to missing capability checks on multiple AJAX functions in versions up to, and including, 2.0.3. This makes it possible for authenticated attackers, with subscriber-level access and above, to e.g. create galleries, delete galleries, rename albums, delete albums, and more. CVE-2024-37542 may be a duplicate of this. • CWE-862: Missing Authorization •
CVE-2023-25060 – Album and Image Gallery plus Lightbox <= 1.6.2 - Missing Authorization
https://notcve.org/view.php?id=CVE-2023-25060
The Album and Image Gallery plus Lightbox plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on two AJAX actions in versions up to, and including, 1.6.2. This makes it possible for unauthenticated attackers to change attributes of images used by the plugins in slideshows. • CWE-862: Missing Authorization •