Description
The WP AUDIO GALLERY plugin for WordPress is vulnerable to Unauthorized Arbitrary File Read in all versions up to, and including, 2.0. This is due to insufficient capability checks and lack of nonce verification on the "wpag_htaccess_callback" function. This makes it possible for authenticated attackers, with subscriber-level access and above, to overwrite the site's .htaccess file with arbitrary content, which can lead to arbitrary file read on the server under certain configurations.
Published: 2026-02-19
Score: 8.8 High
EPSS: < 1% Very Low
KEV: No
Impact: Arbitrary File Read
Action: Immediate Patch
AI Analysis

Impact

The WP AUDIO GALLERY plugin for WordPress is vulnerable due to missing capability checks and the absence of nonce verification in the wpag_htaccess_callback function. This flaw allows an attacker who has authenticated access at the subscriber level or higher to overwrite the site’s .htaccess file with arbitrary content. In certain server configurations, this manipulation can enable the attacker to read files on the server that should otherwise be protected, representing an unauthorized data disclosure risk.

Affected Systems

Any installation of the WP AUDIO GALLERY plugin version 2.0 or earlier, developed by the vendor husainali52. The vulnerability exists for all WordPress sites that have the plugin activated and do not have a patched version installed.

Risk and Exploitability

The CVSS score of 8.8 indicates a high severity, while the EPSS score of less than 1% suggests that exploitation is currently unlikely but not impossible. The flaw is not yet listed in CISA’s KEV catalog. The attack can be carried out from a web browser after an attacker has authenticated with a WordPress account that has subscriber or higher privileges, and the plugin’s callback then writes malicious data to the server’s .htaccess file. Once the file is altered, the attacker can read sensitive files, potentially leading to further compromise.

Generated by OpenCVE AI on April 21, 2026 at 15:52 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update WP AUDIO GALLERY to the latest patched version or at least to a release beyond 2.0 where the capability checks and nonce verification have been added.
  • If an update is not immediately possible, remove or disable the wpag_htaccess_callback function by deactivating the plugin, or delete the plugin from the site entirely.
  • Restrict server file permissions so that the web process cannot write to .htaccess, and limit WordPress subscriber accounts to the minimum roles required for operation, discouraging the use of subscriber accounts for routine site management.

Generated by OpenCVE AI on April 21, 2026 at 15:52 UTC.
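The class of flaw this record describes (CWE-862: an admin-ajax callback that writes .htaccess with no capability check and no nonce verification) beside a hardened form of the same handler, as an added illustration that is not the WP AUDIO GALLERY plugin's own code. Hook, function, nonce and option names are assumptions; check_ajax_referer(), current_user_can() and insert_with_markers() are WordPress core.

```php
<?php
// Added illustration, not code from the WP AUDIO GALLERY plugin: the CWE-862
// pattern described in this record and a hardened form of the same handler.
// Action, function, nonce and option names are assumptions.

// Vulnerable shape. A wp_ajax_* hook runs for ANY logged-in user, so a
// subscriber can reach it; nothing here checks who is calling or whether the
// request carries a nonce, and the raw POST body goes straight into .htaccess.
function example_vuln_htaccess_callback() {
    $content = wp_unslash( $_POST['htaccess'] ?? '' );
    file_put_contents( ABSPATH . '.htaccess', $content );
    wp_send_json_success();
}
add_action( 'wp_ajax_example_htaccess_vuln', 'example_vuln_htaccess_callback' );

// Hardened shape: nonce check, capability check, and no free-form write.
function example_safe_htaccess_callback() {
    // Dies with 403 unless the 'security' field holds a valid nonce created by
    // wp_create_nonce( 'example_htaccess_nonce' ) for this user's session.
    check_ajax_referer( 'example_htaccess_nonce', 'security' );

    // Subscribers do not hold manage_options; only administrators pass.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'Insufficient permissions.', 403 );
    }

    // Accept a boolean toggle, not arbitrary text, and build the directives
    // server-side so request data never reaches the file verbatim.
    $protect = ! empty( $_POST['protect_uploads'] ) ? 'on' : 'off';
    $rules   = ( 'on' === $protect ) ? array( 'Options -Indexes' ) : array();

    // insert_with_markers() (core, wp-admin/includes/misc.php) rewrites only
    // the block between "# BEGIN Example" and "# END Example", leaving the
    // rest of .htaccess untouched.
    $file = ABSPATH . '.htaccess';
    if ( ! is_writable( $file ) || ! insert_with_markers( $file, 'Example', $rules ) ) {
        wp_send_json_error( 'Could not update .htaccess.', 500 );
    }
    wp_send_json_success( array( 'protect_uploads' => $protect ) );
}
add_action( 'wp_ajax_example_htaccess_safe', 'example_safe_htaccess_callback' );
```

The nonce alone is not sufficient: a subscriber can obtain a nonce for their own session, so the current_user_can() check is what actually enforces the role boundary this advisory is about.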

Tracking


Advisories

No advisories yet.

History

Fri, 20 Feb 2026 01:15:00 +0000

Type: Metrics
Values Removed: (none)
Values Added: ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Thu, 19 Feb 2026 10:30:00 +0000

Type: First Time appeared
Values Removed: (none)
Values Added: Husainali52; Husainali52 wp Audio Gallery; Wordpress; Wordpress wordpress

Type: Vendors & Products
Values Removed: (none)
Values Added: Husainali52; Husainali52 wp Audio Gallery; Wordpress; Wordpress wordpress

Thu, 19 Feb 2026 05:00:00 +0000

Type: Description
Values Removed: (none)
Values Added: The WP AUDIO GALLERY plugin for WordPress is vulnerable to Unauthorized Arbitrary File Read in all versions up to, and including, 2.0. This is due to insufficient capability checks and lack of nonce verification on the "wpag_htaccess_callback" function. This makes it possible for authenticated attackers, with subscriber-level access and above, to overwrite the site's .htaccess file with arbitrary content, which can lead to arbitrary file read on the server under certain configurations.

Type: Title
Values Removed: (none)
Values Added: WP AUDIO GALLERY <= 2.0 - Authenticated (Subscriber+) Arbitrary File Read via .htaccess Manipulation

Type: Weaknesses
Values Removed: (none)
Values Added: CWE-862

Type: References
Values Removed: (none)
Values Added:

Type: Metrics
Values Removed: (none)
Values Added: cvssV3_1 {'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}


Subscriptions

Husainali52 Wp Audio Gallery
Wordpress Wordpress
MITRE

Status: PUBLISHED

Assigner: Wordfence

Published:

Updated: 2026-04-08T17:04:32.795Z

Reserved: 2025-11-24T13:45:25.932Z

Link: CVE-2025-13603

Vulnrichment

Updated: 2026-02-19T21:10:52.855Z

NVD

Status : Deferred

Published: 2026-02-19T07:17:32.133

Modified: 2026-04-15T00:35:42.020

Link: CVE-2025-13603

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-21T16:00:13Z

Weaknesses