Arbitrary Plugin Deactivation in Gallery Images Ape Plugin for WordPress
CVE-2019-25149

7.6HIGH

Key Information:

Vendor: Wordpress
Status: Gallery Images Ape
Vendor: CVE Published:; 7 June 2023

What is CVE-2019-25149?

The Gallery Images Ape plugin for WordPress allows authenticated users to deactivate any plugin installed on the site in versions up to and including 2.0.6. This vulnerability presents a significant risk as it enables attackers, regardless of their user capability level, to disrupt site functionality or compromise its security by disabling essential plugins.

Affected Version(s)

Gallery Images Ape * < 2.0.7

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://blog.nintechnet.com/wordpress-ape-gallery-plugin-...

CVSS V3.1

Score:

7.6

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 7, 2023
Vulnerability Reserved
Jun 6, 2023

Credit

Jerome Bruandet