Medium severity4.3NVD Advisory· Published Jan 11, 2024· Updated Apr 8, 2026

CVE-2023-6742

Description

The Gallery Plugin for WordPress – Envira Photo Gallery plugin for WordPress is vulnerable to unauthorized modification of data due to an improper capability check on the 'envira_gallery_insert_images' function in all versions up to, and including, 1.8.7.1. This makes it possible for authenticated attackers, with contributor access and above, to modify galleries on other users' posts.

Affected products

Enviragallery/Envira Gallery
cpe:2.3:a:enviragallery:envira_gallery:*:*:*:*:lite:wordpress:*:*
Range: <=1.8.7.1

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

plugins.trac.wordpress.org/browser/envira-gallery-lite/trunk/includes/admin/ajax.phpnvdPatch
plugins.trac.wordpress.org/changeset/3017115/envira-gallery-lite/tags/1.8.7.3/includes/admin/ajax.phpnvdPatch
www.wordfence.com/threat-intel/vulnerabilities/id/40655278-6915-4a76-ac2d-bb161d3cee92nvdThird Party Advisory

News mentions

No linked articles in our index yet.

cvss	0.280
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000