Unauthorized Data Modification in Portfolio Gallery Plugin for WordPress
CVE-2024-13231
5.3MEDIUM
Key Information:
- Vendor
WordPress
- Vendor
- CVE Published:
- 19 February 2025
What is CVE-2024-13231?
The Portfolio Gallery plugin for WordPress exposes a critical flaw that allows unauthorized users to add arbitrary videos to any portfolio gallery due to a missing capability check in the 'add_video' function. This vulnerability affects all versions of the plugin up to and including 1.1.7. As a result, unauthenticated attackers can exploit this loophole, potentially leading to a range of malicious activities, including defacement and the dissemination of inappropriate content through compromised galleries.
Affected Version(s)
WordPress Portfolio Builder – Portfolio Gallery * <= 1.1.7