Vulnerability Description
The Gallery Images Ape plugin for WordPress is vulnerable to Arbitrary Plugin Deactivation in versions up to, and including, 2.0.6. This allows authenticated attackers with any capability level to deactivate any plugin on the site, including plugins necessary to site functionality or security.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Robogallery | Gallery Images Ape | <= 2.0.6 |
Related Weaknesses (CWE)
References
- https://blog.nintechnet.com/wordpress-ape-gallery-plugin-fixed-authenticated-arbExploit
- https://www.wordfence.com/threat-intel/vulnerabilities/id/dfd6c2b8-b00c-49d1-930Broken LinkThird Party Advisory
- https://blog.nintechnet.com/wordpress-ape-gallery-plugin-fixed-authenticated-arbExploit
- https://www.wordfence.com/threat-intel/vulnerabilities/id/dfd6c2b8-b00c-49d1-930Broken LinkThird Party Advisory
FAQ
What is CVE-2019-25149?
CVE-2019-25149 is a vulnerability with a CVSS score of 7.6 (HIGH). The Gallery Images Ape plugin for WordPress is vulnerable to Arbitrary Plugin Deactivation in versions up to, and including, 2.0.6. This allows authenticated attackers with any capability level to dea...
How severe is CVE-2019-25149?
CVE-2019-25149 has been rated HIGH with a CVSS base score of 7.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-25149?
Check the references section above for vendor advisories and patch information. Affected products include: Robogallery Gallery Images Ape.