Beta

Report

WP Social Feed Gallery <= 2.4.7 is vulnerable to Authorization Check vulnerability

Unauthenticated
Published
2019-08-28

The insta-gallery plugin before 2.4.8 for WordPress has no nonce validation for qligg_dismiss_notice or qligg_form_item_delete.

CVE

https://www.cve.org/CVERecord?id=CVE-2019-15779

CVSS

Score:8.8

Severity:High

Version: 2.4.7

There is a patch available in v2.4.8 and we strongly recommend you update to this version as soon as possible.