What the vulnerability does
01Description
Broken Access Control vulnerability in Dean Oakley's Photospace Gallery plugin <= 2.3.5 at WordPress allows users with subscriber or higher role to change plugin settings.
CVE-2022-38135
MEDIUM
CVE-2022-38135: WordPress Photospace Gallery plugin <= 2.3.5 - Broken Access Control vulnerability
CVSS base score
5.4/10
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
Key dates
02Disclosure timeline
September 12, 2022
CVE published
April 28, 2026
Record updated
External resources
03References
Related vulnerabilities
04Related CVE
CVE-2022-35242 WordPress THE Leads Management System: 59sec LITE plugin <= 3.4.1 - Unauthenticated plugin settings change vulnerability
CVE-2017-12230
CVE-2019-15272 Cisco Unified Communications Manager Security Bypass Vulnerability
CVE-2019-1730 Cisco NX-OS Software Bash Bypass Guest Shell Vulnerability
CVE-2022-38070 WordPress Pop-up plugin <= 1.1.5 - Privilege Escalation vulnerability
