CVE-2019-25149

The Gallery Images Ape plugin for WordPress is vulnerable to Arbitrary Plugin Deactivation in versions up to, and including, 2.0.6. This allows authenticated attackers with any capability level to deactivate any plugin on the site, including plugins necessary to site functionality or security.

CVSS v3 7.6 HIGH

7.6^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.8 / Impact : 4.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://blog.nintechnet.com/wordpress-ape-gallery-plugin-fixed-authenticated-arbitrary-plugin-deactivation-vulnerability/	Exploit
https://www.wordfence.com/threat-intel/vulnerabilities/id/dfd6c2b8-b00c-49d1-930f-50397e742ac5?source=cve	Broken Link Third Party Advisory
https://blog.nintechnet.com/wordpress-ape-gallery-plugin-fixed-authenticated-arbitrary-plugin-deactivation-vulnerability/	Exploit
https://www.wordfence.com/threat-intel/vulnerabilities/id/dfd6c2b8-b00c-49d1-930f-50397e742ac5?source=cve	Broken Link Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:robogallery:gallery_images_ape:*:*:*:*:*:wordpress:*:*

History

21 Nov 2024, 04:39

Type	Values Removed	Values Added
References	~~() https://blog.nintechnet.com/wordpress-ape-gallery-plugin-fixed-authenticated-arbitrary-plugin-deactivation-vulnerability/ - Exploit~~	() https://blog.nintechnet.com/wordpress-ape-gallery-plugin-fixed-authenticated-arbitrary-plugin-deactivation-vulnerability/ - Exploit
References	~~() https://www.wordfence.com/threat-intel/vulnerabilities/id/dfd6c2b8-b00c-49d1-930f-50397e742ac5?source=cve - Broken Link, Third Party Advisory~~	() https://www.wordfence.com/threat-intel/vulnerabilities/id/dfd6c2b8-b00c-49d1-930f-50397e742ac5?source=cve - Broken Link, Third Party Advisory
CVSS	v2 : ~~unknown~~ v3 : ~~4.3~~	v2 : unknown v3 : 7.6

Information

Published : 2023-06-07 02:15

Updated : 2024-11-21 04:39

NVD link : CVE-2019-25149

Mitre link : CVE-2019-25149

CVE.ORG link : CVE-2019-25149

JSON object : View

Products Affected

robogallery

gallery_images_ape

CWE

NVD-CWE-Other

{"id": "CVE-2019-25149", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security@wordfence.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.6, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 4.7, "exploitabilityScore": 2.8}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 2.8}]}, "published": "2023-06-07T02:15:10.700", "references": [{"url": "https://blog.nintechnet.com/wordpress-ape-gallery-plugin-fixed-authenticated-arbitrary-plugin-deactivation-vulnerability/", "tags": ["Exploit"], "source": "security@wordfence.com"}, {"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/dfd6c2b8-b00c-49d1-930f-50397e742ac5?source=cve", "tags": ["Broken Link", "Third Party Advisory"], "source": "security@wordfence.com"}, {"url": "https://blog.nintechnet.com/wordpress-ape-gallery-plugin-fixed-authenticated-arbitrary-plugin-deactivation-vulnerability/", "tags": ["Exploit"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/dfd6c2b8-b00c-49d1-930f-50397e742ac5?source=cve", "tags": ["Broken Link", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "The Gallery Images Ape plugin for WordPress is vulnerable to Arbitrary Plugin Deactivation in versions up to, and including, 2.0.6. This allows authenticated attackers with any capability level to deactivate any plugin on the site, including plugins necessary to site functionality or security."}], "lastModified": "2024-11-21T04:39:58.900", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:robogallery:gallery_images_ape:*:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "CAB6EC6B-F83D-4AEC-819C-D64DB721B4D6", "versionEndIncluding": "2.0.6"}], "operator": "OR"}]}], "sourceIdentifier": "security@wordfence.com"}