CVE-2025-22543 – WordPress ST Gallery WP plugin <= 1.0.8 - Settings Change vulnerability

https://notcve.org/view.php?id=CVE-2025-22543

07 Jan 2025 — Missing Authorization vulnerability in Beautiful Templates ST Gallery WP allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ST Gallery WP: from n/a through 1.0.8. The ST Gallery WP plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 1.0.8. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update the plugin's settings. • https://patchstack.com/database/wordpress/plugin/st-gallery-wp/vulnerability/wordpress-st-gallery-wp-plugin-1-0-8-settings-change-vulnerability?_s_id=cve • CWE-862: Missing Authorization •