HIGH · 8.1

CVE-2023-0441

Vulnerability Description

The Gallery Blocks with Lightbox WordPress plugin before 3.0.8 has an AJAX endpoint that can be accessed by any authenticated user, such as a subscriber. The callback function allows numerous actions, the most serious being reading and updating the WordPress options, which could be used to enable registration with a default user role of administrator.

CVSS Score

8.1 (HIGH)

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality: HIGH
Integrity: HIGH
Availability: NONE

Affected Products

Vendor: Simplygallery
Product: Simply Gallery Blocks With Lightbox
Versions: < 3.0.8

References

FAQ

What is CVE-2023-0441?

CVE-2023-0441 is a vulnerability with a CVSS score of 8.1 (HIGH). The Gallery Blocks with Lightbox WordPress plugin before 3.0.8 has an AJAX endpoint that can be accessed by any authenticated user, such as a subscriber. The callback function allows numerous actions, ...

How severe is CVE-2023-0441?

CVE-2023-0441 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for a detailed severity breakdown.

Is there a patch for CVE-2023-0441?

Check the references section above for vendor advisories and patch information. Affected products include: Simplygallery Simply Gallery Blocks With Lightbox.