CVE-2019-25149 HIGH

CVE-2019-25149: Gallery Images Ape <= 2.0.6 - Authenticated Plugin Deactivation

Vendor Galleryape

Product Gallery Images Ape

Weakness CWE-285

Published June 7, 2023

Last update April 8, 2026

View on NVD All CVEs

CVSS base score

7.6/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality Low

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H

What the vulnerability does

01Description

The Gallery Images Ape plugin for WordPress is vulnerable to Arbitrary Plugin Deactivation in versions up to, and including, 2.0.6. This allows authenticated attackers with any capability level to deactivate any plugin on the site, including plugins necessary to site functionality or security.

Key dates

02Disclosure timeline

June 7, 2023 CVE published

April 8, 2026 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2019-25149 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/285.html

Related vulnerabilities

04Related CVE

CVE-2026-10236 SourceCodester Water Billing Management System User Management Endpoint Users.php save improper authorization CVE-2025-2637 JIZHICMS Account Profile Page userinfo.html improper authorization CVE-2024-43729 Adobe Experience Manager | Improper Authorization (CWE-285) CVE-2025-65029 Rallly Has an IDOR Vulnerability in Participant Deletion Endpoint Allows Unauthorized Removal of Poll Participants CVE-2025-10277 YunaiV yudao-cloud submit improper authorization