Skip to main content

Envira Photo Gallery

1 CVEs product

Monthly

CVE-2026-54190 MEDIUM This Month

Broken access control in the Envira Photo Gallery WordPress plugin (versions <= 1.12.5) allows unauthenticated remote attackers to bypass authorization checks and perform unauthorized operations affecting site integrity and availability. The flaw stems from missing authorization enforcement (CWE-862) on one or more plugin endpoints, exploitable without any credentials or user interaction across default WordPress deployments. No public exploit code or CISA KEV listing has been identified at time of analysis, though the unauthenticated network vector keeps real-world risk elevated for any site running the affected plugin.

Authentication Bypass Envira Photo Gallery
NVD VulDB
CVSS 3.1
6.5
EPSS
0.3%
EPSS 0% CVSS 6.5
MEDIUM This Month

Broken access control in the Envira Photo Gallery WordPress plugin (versions <= 1.12.5) allows unauthenticated remote attackers to bypass authorization checks and perform unauthorized operations affecting site integrity and availability. The flaw stems from missing authorization enforcement (CWE-862) on one or more plugin endpoints, exploitable without any credentials or user interaction across default WordPress deployments. No public exploit code or CISA KEV listing has been identified at time of analysis, though the unauthenticated network vector keeps real-world risk elevated for any site running the affected plugin.

Authentication Bypass Envira Photo Gallery
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy