Impact
The AI Responsive Gallery Album plugin for WordPress contains a missing authorization flaw that allows attackers to bypass the configured access control levels and perform unauthorized actions on gallery content and plugin configuration. The vulnerability can be exploited by any authenticated user, or potentially by an unauthenticated guest depending on the plugin's default settings, and may enable modification or deletion of galleries or exposure of sensitive data. The weakness is classified as CWE-862 (Missing Authorization).
Affected Systems
August Infotech: AI Responsive Gallery Album plugin, all releases through and including version 1.4. The plugin is used with WordPress installations where the administrative interface is available. Users should check whether their active installation uses a version <= 1.4.
Risk and Exploitability
The CVSS score of 4.3 indicates a moderate impact, and the EPSS score of <1% suggests a low likelihood of widespread exploitation at this time. The vulnerability is not listed in CISA's KEV catalog. Attackers are likely to need at least a user account on the WordPress site, and the flaw arises because the plugin's internal checks do not enforce proper permission validation before acting on gallery data. While the risk is not high, administrators of sites running the affected plugin should consider the potential for unauthorized access to gallery data and configuration.
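The missing-permission-validation pattern described above, as an added illustration that is not the plugin's own code: a hypothetical WordPress AJAX handler that deletes a gallery, first without any authorization check and then hardened with a capability check and nonce. The action name `aig_delete_gallery`, the option name `aig_galleries` and the function names are placeholders, not identifiers from the affected plugin.

```php
<?php
// Added example (not code from the AI Responsive Gallery Album plugin).
// Both handlers are shown side by side for comparison; a real plugin would
// register only the hardened one.

// BEFORE (CWE-862): the handler trusts any request that reaches it.
// Registering the wp_ajax_nopriv_ hook would also expose it to guests.
function aig_delete_gallery_unchecked() {
    $id        = isset( $_POST['gallery_id'] ) ? absint( $_POST['gallery_id'] ) : 0;
    $galleries = get_option( 'aig_galleries', array() ); // placeholder option
    unset( $galleries[ $id ] );                          // no capability check
    update_option( 'aig_galleries', $galleries );
    wp_send_json_success( array( 'deleted' => $id ) );
}
// add_action( 'wp_ajax_aig_delete_gallery',        'aig_delete_gallery_unchecked' );
// add_action( 'wp_ajax_nopriv_aig_delete_gallery', 'aig_delete_gallery_unchecked' );

// AFTER: enforce a nonce and a capability before touching gallery data.
function aig_delete_gallery_checked() {
    // CSRF protection: the request must carry a nonce issued for this action
    // (check_ajax_referer() terminates the request on failure).
    check_ajax_referer( 'aig_delete_gallery', 'nonce' );

    // Authorization: only users permitted to manage the site may delete galleries.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => 'forbidden' ), 403 );
    }

    $id        = isset( $_POST['gallery_id'] ) ? absint( $_POST['gallery_id'] ) : 0;
    $galleries = get_option( 'aig_galleries', array() );
    if ( ! isset( $galleries[ $id ] ) ) {
        wp_send_json_error( array( 'message' => 'not found' ), 404 );
    }

    unset( $galleries[ $id ] );
    update_option( 'aig_galleries', $galleries );
    wp_send_json_success( array( 'deleted' => $id ) );
}
// Only the authenticated hook is registered; no nopriv variant is added.
add_action( 'wp_ajax_aig_delete_gallery', 'aig_delete_gallery_checked' );
```

When auditing a plugin for this class of flaw, look for every `wp_ajax_`, `wp_ajax_nopriv_`, `admin_post_` and REST route callback that modifies data and confirm it calls `current_user_can()` (or a REST `permission_callback`) before doing so.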