Meta-box GalleryMeta Missing Authorization Vulnerability in WordPress

Vulnerability

A vulnerability exists in the Meta-box GalleryMeta plugin for WordPress, all versions through 3.0.1, allowing unauthorized data modification. The issue arises from a lack of capability checks on the 'mb_gallery' custom post type. This flaw enables authenticated attackers with Author-level access or higher to create and publish galleries.

Impact

Exploitation of this vulnerability could lead to unauthorized gallery creation and publication, allowing attackers to manipulate gallery data without proper authorization.

Added: Jan 24, 2026, 9:29 AM

Updated: Jan 24, 2026, 9:29 AM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.6

exploitability

5.9

remediation

0.0

relevance

2.3

threat

3.2

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.6

exploitability

5.9

remediation

0.0

relevance

2.3

threat

3.2

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Meta-box GalleryMeta Missing Authorization Vulnerability in WordPress

Vulnerability

Impact

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating