CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-35720 – WordPress Album Gallery – WordPress Gallery plugin <= 1.5.7 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2024-35720
Missing Authorization vulnerability in A WP Life Album Gallery – WordPress Gallery.This issue affects Album Gallery – WordPress Gallery: from n/a through 1.5.7. Vulnerabilidad de autorización faltante en A WP Life Album Gallery – WordPress Gallery. Este problema afecta a la Galería de álbumes – Galería de WordPress: desde n/a hasta 1.5.7. The Album Gallery – WordPress Gallery plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_album_gallery and _ag_save_settings functions in versions up to, and including, 1.5.7. This makes it possible for authenticated attackers, with subscriber-level access and above, to update plugin settings. • https://patchstack.com/database/vulnerability/new-album-gallery/wordpress-album-gallery-wordpress-gallery-plugin-1-5-7-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •