Vulnerability Details : CVE-2023-0441
The Gallery Blocks with Lightbox WordPress plugin before 3.0.8 has an AJAX endpoint that can be accessed by any authenticated user, such as a subscriber. The callback function allows numerous actions, the most serious one being reading and updating the WordPress options, which could be used to enable registration with a default administrator user role.
Products affected by CVE-2023-0441
- cpe:2.3:a:simplygallery:simply_gallery_blocks_with_lightbox:*:*:*:*:*:wordpress:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-0441
0.09% (probability of exploitation activity in the next 30 days)
EPSS Score History
~38% percentile (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2023-0441
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
8.1 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N | 2.8 | 5.2 | NIST | |
CWE ids for CVE-2023-0441
- The product does not perform an authorization check when an actor attempts to access a resource or perform an action. Assigned by: contact@wpscan.com (Primary)
References for CVE-2023-0441
- https://wpscan.com/vulnerability/11703e49-c042-4eb6-9a5f-6e006e3725a0 (Exploit; Third Party Advisory)