cleantalk
Vulnerabilities and Security Researches

Gallery Plugin for WordPress – Envira Photo Gallery, CVE-2023-6742

CVE, Research URL

CVE-2023-6742

Home page URL

Security reports for Gallery Plugin for WordPress – Envira Photo Gallery

Application

Gallery Plugin for WordPress – Envira Photo Gallery

Published on
Jan 11, 2024
Research Description
The Gallery Plugin for WordPress – Envira Photo Gallery plugin for WordPress is vulnerable to unauthorized modification of data due to an improper capability check on the 'envira_gallery_insert_images' function in all versions up to, and including, 1.8.7.1. This makes it possible for authenticated attackers, with contributor access and above, to modify galleries on other users' posts.
Affected versions
max 1.8.7.3.
Status
vulnerable
Previous vulnerability researches
Gallery Plugin for WordPress – Envira Photo Gallery (CVE-2025-12377) , Dec 10, 2025
Gallery Plugin for WordPress – Envira Photo Gallery (CVE-2025-11448) , Dec 10, 2025
Gallery Plugin for WordPress – Envira Photo Gallery (CVE-2024-37095) , Jun 24, 2024
Gallery Plugin for WordPress – Envira Photo Gallery (CVE-2024-43925) , Aug 29, 2024
Gallery Plugin for WordPress – Envira Photo Gallery (CVE-2024-5020) , Dec 05, 2024
New vulnerability
GitHub Gist Shortcode Plugin (CVE-2025-12667) , Dec 12, 2025
Cryptocurrency Payment Gateway for WooCommerce (CVE-2025-12392) , Dec 12, 2025
Wbcom Designs – Private Community for BuddyPress (CVE-2025-67582) , Dec 12, 2025
WP-Walla (CVE-2025-12589) , Dec 12, 2025
Master Addons for Elementor (CVE-2025-63055) , Dec 12, 2025