CSRF Vulnerability in Photo Gallery Plugin by Pearl Bells
CVE-2025-27276

8.8HIGH

Key Information:

Vendor: WordPress
Status: Photo Gallery ( Responsive )
Vendor: CVE Published:; 24 February 2025

What is CVE-2025-27276?

A Cross-Site Request Forgery (CSRF) vulnerability exists in the Pearl Bells Photo Gallery ( Responsive ) plugin, allowing attackers to perform unauthorized actions on behalf of authenticated users. This flaw can lead to privilege escalation, enabling attackers to gain higher-level permissions within the affected system. Users of the Photo Gallery plugin versions prior to 4.0 are particularly at risk if they do not implement necessary security measures.

Affected Version(s)

Photo Gallery ( Responsive ) <= 4.0

References

https://patchstack.com/database/wordpress/plugin/photo-ga...

vdb-entry

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 24, 2025
Vulnerability Reserved
Feb 21, 2025

Credit

Mika (Patchstack Alliance)

WordPress

What is CVE-2025-27276?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit