Description
WordPress Plugin WordPress Filter Gallery is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently make unauthorized AJAX calls and delete/edit/add arbitrary galleries. WordPress Plugin WordPress Filter Gallery version 0.0.6 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 0.0.7 or latest
References
https://sploitus.com/exploit?id=WPEX-ID:1B9AFC2C-2AD5-4B9A-BA8B-88784A378C8A
https://plugins.svn.wordpress.org/filter-gallery/trunk/readme.txt
Related Vulnerabilities
WordPress Plugin Share Drafts Publicly Information Disclosure (1.1.4)
ownCloud CVE-2017-9339 Vulnerability (CVE-2017-9339)
WordPress Plugin Genesis Simple Defaults Arbitrary File Upload (1.0.0)
phpList CVE-2023-27576 Vulnerability (CVE-2023-27576)
WordPress Plugin Spryng Payments for WooCommerce Cross-Site Scripting (1.6.7)