vulnerability
WordPress Plugin: gallery-portfolio: CVE-2023-32585: Missing Authorization
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 6 | (AV:N/AC:L/Au:N/C:N/I:P/A:P) | May 11, 2023 | May 15, 2025 | Jul 10, 2025 |
Severity
6
CVSS
(AV:N/AC:L/Au:N/C:N/I:P/A:P)
Published
May 11, 2023
Added
May 15, 2025
Modified
Jul 10, 2025
Description
The Portfolio Gallery – Responsive Image Gallery plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on the TotalSoftPortfolio_Del_Callback() function called via an AJAX action in versions up to, and including, 1.4.5. This makes it possible for unauthenticated attackers to delete arbitrary galleries. Please note there are many additional AJAX actions that are also vulnerable and can be used to perform other actions like cloning galleries and editing limited details for them.
Solution
gallery-portfolio-plugin-cve-2023-32585
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.