cvedb.io
CVE-2023-0441
HIGH · CVSS 8.1
EPSS exploitation probability: 0%
Published 2023-03-27T16:15:08.193 · Last modified 2026-06-17T05:25:33.527

Summary

The Gallery Blocks with Lightbox WordPress plugin before 3.0.8 has an AJAX endpoint that can be accessed by any authenticated users, such as subscriber. The callback function allows numerous actions, the most serious one being reading and updating the WordPress options which could be used to enable registration with a default administrator user role.

Affected products

simplygallery — simply_gallery_blocks_with_lightbox

Does this affect you?

Add your gear to cvedb and we'll alert you only when simplygallery ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.