CVE-2022-45841 – Photo Gallery, Images, Slider in Rbs Image Gallery <= 3.2.9 - Missing Authorization

https://notcve.org/view.php?id=CVE-2022-45841

The Robo Gallery plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on several AJAX actions in versions up to, and including, 3.2.9. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to create articles, list posts, activate and deactivate addons and reset gallery view counts. Furthermore, several of these AJAX actions were missing Cross-Site Request Forgery Protection. • CWE-862: Missing Authorization •