CVE-2023-32585
WordPress Portfolio Gallery – Responsive Image Gallery plugin <= 1.4.6 - Broken Access Control vulnerability
Public Exploits: 0
Exploited in Wild: -
Descriptions
Missing Authorization vulnerability in Total-Soft Portfolio Gallery – Responsive Image Gallery allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Portfolio Gallery – Responsive Image Gallery: from n/a through 1.4.6.
The Portfolio Gallery – Responsive Image Gallery plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on the TotalSoftPortfolio_Del_Callback() function called via an AJAX action in versions up to, and including, 1.4.5. This makes it possible for unauthenticated attackers to delete arbitrary galleries. Please note there are many additional AJAX actions that are also vulnerable and can be used to perform other actions like cloning galleries and editing limited details for them.
SSVC
- Decision: Attend
Timeline
- 2023-05-10 CVE Reserved
- 2023-05-11 CVE Published
- 2024-12-13 CVE Updated
- 2025-05-12 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-862: Missing Authorization
CAPEC
- CAPEC-180: Exploiting Incorrectly Configured Access Control Security Levels
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Gallery Portfolio | Gallery Portfolio | >= 0.0.0 <= 1.4.5 | en | Affected |