CVE-2025-14288
Unauthorized Settings Modification in Gallery Blocks WordPress Plugin
Publication date: 2025-12-13
Last updated on: 2025-12-13
Assigner: Wordfence
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| wordpress | gallery_blocks | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-862 | The product does not perform an authorization check when an actor attempts to access a resource or perform an action. |
AI Powered Q&A
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, immediately update the Gallery Blocks with Lightbox plugin to a version later than 3.3.0 where the issue is fixed. Additionally, restrict user roles so that only trusted users have Contributor-level access or higher, as the vulnerability allows modification of plugin settings by authenticated users with Contributor-level access and above.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The provided resources and context do not contain information regarding the impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by checking whether the WordPress site is running the Gallery Blocks with Lightbox plugin at version 3.3.0 or earlier, as these versions are vulnerable. Additionally, monitoring for unauthorized changes to plugin settings prefixed with `pgc_sgb_` by users with Contributor-level access or above can indicate exploitation attempts. Since the vulnerability involves an AJAX handler (`pgc_sgb_action_wizard`) that improperly checks permissions, you can look for suspicious AJAX requests to this handler. For detection, you can use WP-CLI to check the installed plugin version, for example: `wp plugin get simply-gallery-block --field=version`. Also, reviewing web server logs or using network monitoring tools to detect POST requests to `admin-ajax.php` with the action parameter `pgc_sgb_action_wizard` from non-admin users may help identify exploitation attempts. Specific commands might include:
1. `wp plugin get simply-gallery-block --field=version` to verify the plugin version.
2. Using grep or a similar tool on web server logs to find AJAX requests: `grep 'action=pgc_sgb_action_wizard' /var/log/apache2/access.log` (adjust the path as needed; note that a standard access log records the query string but not the POST body, so this only matches requests that pass the action parameter in the URL).
3. Monitoring WordPress option changes with the prefix `pgc_sgb_` via database queries or an audit plugin.
However, no explicit detection commands are provided in the resources. [2, 3]
How can this vulnerability impact me?
An attacker with Contributor-level access or higher can exploit this vulnerability to modify plugin settings without proper authorization. This could lead to unauthorized changes in the plugin's behavior, potentially compromising the website's functionality or security depending on what settings are altered.
Can you explain this vulnerability to me?
This vulnerability exists in the Gallery Blocks with Lightbox WordPress plugin (up to version 3.3.0) where the plugin incorrectly uses the 'edit_posts' capability check instead of the more restrictive 'manage_options' check for updating plugin settings via an AJAX handler. As a result, authenticated users with Contributor-level access or higher can modify arbitrary plugin settings prefixed with 'pgc_sgb_*', which they should not normally be able to change.
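The capability mistake described above, shown as an added illustration (hypothetical code written for this page, not the Gallery Blocks plugin's own source): a WordPress AJAX settings handler guarded only by `edit_posts`, beside a hardened version that requires a nonce, the `manage_options` capability and an allow-list of writable settings. The handler names, the `demo_` prefix and the two sample settings are assumptions.

```php
<?php
// Weak pattern: 'edit_posts' is granted to Contributors, so any Contributor
// who is logged in can reach the update path and write a pgc_sgb_* option.
function demo_settings_wizard_weak() {
    if ( ! current_user_can( 'edit_posts' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }
    $name  = sanitize_key( $_POST['option'] ?? '' );
    $value = wp_unslash( $_POST['value'] ?? '' );
    update_option( 'pgc_sgb_' . $name, $value ); // arbitrary pgc_sgb_* setting
    wp_send_json_success();
}

// Hardened pattern: CSRF nonce, administrator-level capability, and an
// allow-list that names each writable setting together with its sanitizer.
// (Assumed example settings; the real plugin's option names are not on the page.)
const DEMO_ALLOWED_SETTINGS = array(
    'lightbox_enabled' => 'rest_sanitize_boolean',
    'gallery_columns'  => 'absint',
);

function demo_settings_wizard_hardened() {
    check_ajax_referer( 'demo_settings_wizard', 'nonce' ); // dies on a bad nonce
    if ( ! current_user_can( 'manage_options' ) ) {        // administrators only
        wp_send_json_error( 'forbidden', 403 );
    }
    $name = sanitize_key( $_POST['option'] ?? '' );
    if ( ! isset( DEMO_ALLOWED_SETTINGS[ $name ] ) ) {     // reject unknown keys
        wp_send_json_error( 'unknown setting', 400 );
    }
    $sanitize = DEMO_ALLOWED_SETTINGS[ $name ];
    $value    = call_user_func( $sanitize, wp_unslash( $_POST['value'] ?? '' ) );
    update_option( 'pgc_sgb_' . $name, $value );
    wp_send_json_success( array( 'option' => 'pgc_sgb_' . $name, 'value' => $value ) );
}

// Register only the hardened handler, and only for logged-in users
// (no wp_ajax_nopriv_ variant, so anonymous requests never reach it).
add_action( 'wp_ajax_demo_settings_wizard', 'demo_settings_wizard_hardened' );
```

The fix the advisory describes is the change from `edit_posts` to `manage_options`; the nonce check and allow-list are defence in depth that keep a settings handler from becoming a write-anything primitive even if a capability check is later loosened.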