cleantalk
Vulnerabilities and Security Researches

Meta-box GalleryMeta, CVE-2026-0687

CVE, Research URL

CVE-2026-0687

Home page URL

Security reports for Meta-box GalleryMeta

Application

Meta-box GalleryMeta

Published on
Jan 24, 2026
Research Description
The Meta-box GalleryMeta plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'mb_gallery' custom post type in all versions up to, and including, 3.0.1. This makes it possible for authenticated attackers, with Author-level access and above, to create and publish galleries.
Affected versions
max 3.1.
Status
vulnerable
Previous vulnerability researches
Meta-box GalleryMeta (CVE-2026-1302) , Apr 13, 2026
Meta-box GalleryMeta (CVE-2026-0687) , Apr 13, 2026
Authors Autocomplete Meta Box (CVE-2025-25169) , Feb 17, 2025
Meta Box – WordPress Custom Fields Framework (CVE-2024-1204) , Jun 07, 2024
Meta Box – WordPress Custom Fields Framework (CVE-2023-6526) , Jun 07, 2024
New vulnerability
Image Source Control Lite – Show Image Credits and Captions (CVE-2026-4852) , Apr 22, 2026
MailerLite – WooCommerce integration (CVE-2026-1000) , Apr 22, 2026
Embed Calendly (CVE-2026-0868) , Apr 22, 2026
Product Filter by WBW (CVE-2026-39494) , Apr 22, 2026
Product Filter by WBW (CVE-2026-3830) , Apr 22, 2026