CVE-2023-40213 MEDIUM

CVE-2023-40213: WordPress Justified Gallery plugin <= 1.7.3 - Broken Access Control vulnerability

Vendor Mateusz Czardybon
Product Justified Gallery
Weakness CWE-862 · Missing authorization
Published December 13, 2024
Last update April 28, 2026
View on NVD All CVEs

CVSS base score

4.3/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality None
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

What the vulnerability does

01Description

Missing Authorization vulnerability in Mateusz Czardybon Justified Gallery allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Justified Gallery: from n/a through 1.7.3.

Key dates

02Disclosure timeline

December 13, 2024 CVE published
April 28, 2026 Record updated

Related vulnerabilities

04Related CVE

CVE-2025-57975 WordPress Team Plugin <= 5.0.6 - Broken Access Control Vulnerability CVE-2025-64404 Apache OpenOffice: Remote documents loaded without prompt via background and bullet images CVE-2024-0385 Categorify <= 1.0.7.4 - Missing Authorization in categorifyAjaxAddCategory CVE-2023-3053 Page Builder by AZEXO <= 1.27.133 - Missing Authorization to Post Creation CVE-2025-14447 AnnunciFunebri Impresa <= 4.7.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Options Deletion