VYPR

Gallery Metabox

by Bill Erickson

CVEs (3)

  • CVE-2023-2562MedJul 12, 2023
    risk 0.28cvss 4.3epss 0.00

    The Gallery Metabox for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the refresh_metabox function in versions up to, and including, 1.5. This makes it possible for subscriber-level attackers to obtain a list of images attached to a…

  • CVE-2023-2561MedJul 12, 2023
    risk 0.28cvss 4.3epss 0.00

    The Gallery Metabox for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the gallery_remove function in versions up to, and including, 1.5. This makes it possible for subscriber-level attackers to modify galleries attached to…

  • CVE-2022-47134MedMay 20, 2023
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in Bill Erickson Gallery Metabox plugin <= 1.5 versions.