CVE-2023-0441
Last modified
CVE-2023-0441 is a high-severity vulnerability rated 8.1/10 on the CVSS scale. The Gallery Blocks with Lightbox WordPress plugin before 3.0.8 has an AJAX endpoint that can be accessed by any authenticated users, such as subscriber. The callback function allows numerous actions, the most serious one being reading and updating the WordPress options which could be used to enable registration with a default administrator user role.. EPSS estimates a 0.73% chance of exploitation in the next 30 days.
Description
The Gallery Blocks with Lightbox WordPress plugin before 3.0.8 has an AJAX endpoint that can be accessed by any authenticated users, such as subscriber. The callback function allows numerous actions, the most serious one being reading and updating the WordPress options which could be used to enable registration with a default administrator user role.
Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Simplygallery | Simply Gallery Blocks With Lightbox | < 3.0.8 |
References
- https://wpscan.com/vulnerability/11703e49-c042-4eb6-9a5f-6e006e3725a0Exploit, Third Party Advisory
- https://wpscan.com/vulnerability/11703e49-c042-4eb6-9a5f-6e006e3725a0Exploit, Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2023-0441?
How severe is CVE-2023-0441?
How do I fix CVE-2023-0441?
Are you affected by CVE-2023-0441?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST