1 results (0.003 seconds)

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0

Subscriber Broken Access Control in Photo Gallery Builder <= 3.0 versions. The Photo Gallery Builder plugin for WordPress is vulnerable to unauthorized access of functionality due to a missing capability check on one of its functions in versions up to, and including, 3.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to invoke this function intended for users with higher level of privilege. • https://patchstack.com/database/vulnerability/photo-gallery-builder/wordpress-photo-gallery-builder-plugin-3-0-broken-access-control-to-notice-dismissal-vulnerability?_s_id=cve • CWE-862: Missing Authorization •