The Gallery Blocks with Lightbox WordPress plugin before 3.0.8 has an AJAX endpoint that can be accessed by any authenticated user, such as a subscriber. The callback function allows numerous actions, the most serious being reading and updating the WordPress options, which could be used to enable registration with a default administrator user role.
History

No history.

MITRE

Status: PUBLISHED

Assigner: WPScan

Published: 2023-03-27T15:37:16.230Z

Updated: 2024-08-02T05:10:56.333Z

Reserved: 2023-01-23T13:24:15.816Z

Link: CVE-2023-0441

Vulnrichment

No data.

NVD

Status: Modified

Published: 2023-03-27T16:15:08.193

Modified: 2023-11-07T04:00:28.803

Link: CVE-2023-0441

Redhat

No data.