Vimeo SimpleGallery Missing Authorization Vulnerability in WordPress

Vulnerability

A vulnerability exists in the Vimeo SimpleGallery plugin for WordPress, in all versions through 0.2, due to missing authorization checks. This flaw allows authenticated users with Subscriber-level access and above to modify arbitrary plugin settings by exploiting the 'action' parameter. The issue arises from the 'vimeogallery_admin' function, which lacks proper authorization before allowing changes to plugin options.
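
The missing check described above, shown as an added example rather than the plugin's actual code: a settings handler with no authorization next to a hardened version. All `example_gallery_*` function, option, action and nonce names are hypothetical, and hooking the handler on `admin_init` is an assumption.

```php
<?php
// Illustration only: hypothetical plugin, not the Vimeo SimpleGallery source.

// BEFORE: no capability check and no nonce. Any request that reaches this
// handler with the expected 'action' value can overwrite the option.
function example_gallery_admin_vulnerable() {
    if ( isset( $_POST['action'] ) && 'example_gallery_save' === $_POST['action'] ) {
        update_option( 'example_gallery_user', $_POST['example_gallery_user'] );
    }
}

// AFTER: authorize first, then verify intent, then write only known options.
function example_gallery_admin_hardened() {
    if ( ! isset( $_POST['action'] ) || 'example_gallery_save' !== $_POST['action'] ) {
        return; // Not a settings save; nothing to do.
    }

    // Authorization: only users who may manage site options (administrators
    // by default) can change plugin settings. Subscribers fail this check.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die(
            esc_html__( 'You are not allowed to change these settings.', 'example-gallery' ),
            '',
            array( 'response' => 403 )
        );
    }

    // CSRF protection: the settings form must carry a nonce created with
    // wp_nonce_field( 'example_gallery_save', 'example_gallery_nonce' ).
    check_admin_referer( 'example_gallery_save', 'example_gallery_nonce' );

    // Allow-list the option names so the request cannot pick arbitrary keys.
    $allowed = array( 'example_gallery_user', 'example_gallery_columns' );
    foreach ( $allowed as $key ) {
        if ( isset( $_POST[ $key ] ) ) {
            update_option( $key, sanitize_text_field( wp_unslash( $_POST[ $key ] ) ) );
        }
    }
}
add_action( 'admin_init', 'example_gallery_admin_hardened' );
```

A nonce alone is not an authorization check; the `current_user_can()` call is what closes the gap for low-privilege accounts.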

Impact

Exploitation of this vulnerability could lead to unauthorized modification of plugin settings, potentially allowing attackers to alter how the gallery functions or is displayed.

Added: Dec 12, 2025, 4:31 AM
Updated: Dec 12, 2025, 4:31 AM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 0.6
exploitability: 5.9
remediation: 0.0
relevance: 1.3
threat: 3.2
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.