WordPress Video Gallery – YouTube Gallery plugin <= 1.7.6 - Broken Access Control vulnerability
CVE-2023-25988

7.5HIGH

Key Information:

Vendor: WordPress
Status: Video Gallery – Youtube Gallery
Vendor: CVE Published:; 13 December 2024

What is CVE-2023-25988?

A vulnerability exists in the Video Gallery – YouTube Gallery plugin developed by Total-Soft that results from missing authorization. This flaw allows unauthorized actors to exploit incorrectly configured access control security levels, potentially leading to unauthorized access to sensitive features or user data. The affected versions, ranging from an unspecified version up to 1.7.6, require immediate attention to ensure proper access control mechanisms are implemented to safeguard against potential exploitation.

Affected Version(s)

Video Gallery – YouTube Gallery <= 1.7.6

References

https://patchstack.com/database/wordpress/plugin/gallery-...

vdb-entry

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 13, 2024
Vulnerability Reserved
Feb 17, 2023

Credit

István Márton (Patchstack Alliance)