Headline
CVE-2022-35726: WordPress Video Gallery plugin <= 1.3.4.5 - Broken Authentication - Patchstack
Broken Authentication vulnerability in yotuwp Video Gallery plugin <= 1.3.4.5 at WordPress.
Verified
Fixed
4.3
CVSS 3.1 score Medium severity
Monitoring Coming soon
Vulnerable versions
<= 1.3.4.5
PSID
41d6a29e4231
Classification
Broken Authentication
OWASP Top 10
A5: Broken Access Control
Required privilege
Can be exploited remotely without any authentication.
Publicly disclosed
2022-08-22
Details
Broken Authentication leading to cache delete discovered by Muhammad Daffa (Patchstck Alliance) in WordPress Video Gallery plugin (versions <= 1.3.4.5).
Solution
Update the WordPress Video Gallery plugin to the latest available version (at least 1.3.5).
References