High severity8.1NVD Advisory· Published Mar 27, 2023· Updated Jun 17, 2026
CVE-2023-0441
CVE-2023-0441
Description
The Gallery Blocks with Lightbox WordPress plugin before 3.0.8 has an AJAX endpoint that can be accessed by any authenticated users, such as subscriber. The callback function allows numerous actions, the most serious one being reading and updating the WordPress options which could be used to enable registration with a default administrator user role.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2<3.0.8+ 1 more
- (no CPE)range: <3.0.8
- (no CPE)range: <3.0.8
Patches
Vulnerability mechanics
References
1- wpscan.com/vulnerability/11703e49-c042-4eb6-9a5f-6e006e3725a0nvdExploitThird Party Advisory
News mentions
0No linked articles in our index yet.