CVE-2026-22486
Description
Missing Authorization vulnerability in Re Gallery allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Re Gallery: from n/a through 1.18.9.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Missing authorization in Re Gallery plugin for WordPress allows attackers to bypass access controls, affecting up to version 1.18.9.
Vulnerability
Description A missing authorization vulnerability exists in the Re Gallery plugin for WordPress, affecting versions through 1.18.9. This flaw allows attackers to exploit incorrectly configured access control security levels, potentially gaining unauthorized access to functions that should require higher privileges [1].
Exploitation
Attackers can exploit this vulnerability without authentication by sending crafted requests to the affected plugin, targeting missing permission checks in certain functions. The issue is classified as broken access control, and while the CVSS score is 5.3 (Medium), it may still be leveraged in automated attacks against vulnerable sites [1].
Impact
Successful exploitation enables an unprivileged attacker to execute actions restricted to higher-privileged users, such as modifying gallery settings or accessing sensitive data. Although the vendor assesses the risk as low, mass-exploit campaigns could target thousands of sites running outdated plugin versions [1].
Mitigation
The vulnerability is patched in version 1.18.10 of the Re Gallery plugin. Users are strongly advised to update immediately or enable automatic updates via Patchstack to mitigate the risk [1].
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- Range: <=1.18.9
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1News mentions
0No linked articles in our index yet.