WordPress Video Gallery – YouTube Gallery plugin <= 1.7.6 - Broken Access Control vulnerability
CVE-2023-25988
Key Information:
- Vendor
WordPress
- Vendor
- CVE Published:
- 13 December 2024
What is CVE-2023-25988?
A vulnerability exists in the Video Gallery – YouTube Gallery plugin developed by Total-Soft that results from missing authorization. This flaw allows unauthorized actors to exploit incorrectly configured access control security levels, potentially leading to unauthorized access to sensitive features or user data. The affected versions, ranging from an unspecified version up to 1.7.6, require immediate attention to ensure proper access control mechanisms are implemented to safeguard against potential exploitation.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.
Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.
Affected Version(s)
Video Gallery – YouTube Gallery <= 1.7.6
References
CVSS V3.1
Timeline
Vulnerability published
Vulnerability Reserved