Based on the description, a Cross‑Site Request Forgery vulnerability exists in lizeipe's Photo Gallery (Responsive) plugin, allowing an attacker to elevate privileges. The flaw permits an unauthorized user to trick a logged‑in administrator into submitting a malicious request that grants elevated permissions, effectively compromising the control of the site. The weakness is classified as CWE-352 and can lead to unauthorized changes, data exposure, or further exploitation by an attacker.

The vulnerability affects the Photo Gallery (Responsive) plugin, version 4.0 and earlier, delivered by lizeipe. Users running any release from the earliest available version through 4.0 are impacted and should verify their installed version.

The CVSS score of 8.8 signals a high severity, while the EPSS score of <1% indicates a low likelihood of widespread exploitation at this time. The vulnerability is not listed in the CISA KEV catalog, meaning no confirmed exploits are known in the wild. Based on the description, it is inferred that exploitation requires an attacker to induce a victim with sufficient privileges to submit a forged request, making the attack vector most likely web‑based from an authenticated session. Once executed, an attacker can elevate privileges to administrator status.