cleantalk
Vulnerabilities and Security Researches

WordPress Portfolio Builder – Portfolio Gallery, CVE-2024-13231

CVE, Research URL

CVE-2024-13231

Home page URL

Security reports for WordPress Portfolio Builder – Portfolio Gallery

Application

WordPress Portfolio Builder – Portfolio Gallery

Published on
Feb 19, 2025
Research Description
The WordPress Portfolio Builder – Portfolio Gallery plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'add_video' function in all versions up to, and including, 1.1.7. This makes it possible for unauthenticated attackers to add arbitrary videos to any portfolio gallery.
Affected versions
Min -, max 1.1.7.
Status
vulnerable
Previous vulnerability researches
WordPress Portfolio Builder – Portfolio Gallery (CVE-2024-49302) , Oct 19, 2024
WordPress Portfolio Builder – Portfolio Gallery (CVE-2024-13231) , Feb 21, 2025
WordPress Portfolio Builder – Portfolio Gallery (CVE-2024-53788) , Dec 03, 2024
WordPress Portfolio Builder – Portfolio Gallery (CVE-2025-1757) , May 14, 2025
New vulnerability
Lead Form Data Collection to CRM (CVE-2025-47690) , May 14, 2025
WordPress Portfolio Builder – Portfolio Gallery (CVE-2025-1757) , May 14, 2025
LiteSpeed Cache (CVE-2025-47437) , May 14, 2025
Frontend Dashboard (CVE-2025-4474) , May 14, 2025
Frontend Dashboard (CVE-2025-4473) , May 14, 2025