Missing Authorization Vulnerability in WP OnlineSupport's Album and Image Gallery plus Lightbox
CVE-2023-25060
5.3MEDIUM
Key Information:
- Vendor
WordPress
- Vendor
- CVE Published:
- 9 December 2024
What is CVE-2023-25060?
A vulnerability exists in the Essential Plugin Album and Image Gallery plus Lightbox developed by WP OnlineSupport due to missing authorization checks. This flaw allows for the exploitation of access control security settings, leading to unauthorized access. The issue primarily affects all versions up to 1.6.2, which may allow attackers to manipulate improperly configured access levels, potentially exposing sensitive data and functionalities intended for authorized users only.
Affected Version(s)
Album and Image Gallery plus Lightbox <= 1.6.2