CVE-2025-27276 – WordPress Photo Gallery ( Responsive ) plugin <= 4.0 - CSRF to Privilege Escalation vulnerability

https://notcve.org/view.php?id=CVE-2025-27276

24 Feb 2025 — Cross-Site Request Forgery (CSRF) vulnerability in lizeipe Photo Gallery ( Responsive ) allows Privilege Escalation. This issue affects Photo Gallery ( Responsive ): from n/a through 4.0. The Photo Gallery ( Responsive ) plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.0. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to achieve privilege escalation granted they can trick a site ... • https://patchstack.com/database/wordpress/plugin/photo-gallery-pearlbells/vulnerability/wordpress-photo-gallery-responsive-plugin-4-0-csrf-to-privilege-escalation-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •