This vulnerability (CWE-862) in the Album Gallery – WordPress Gallery plugin involves missing authorization controls, allowing users with limited privileges to potentially access or perform actions they should not be authorized to do. It affects versions through 1.5.7. The CVSS 3.1 base score is 4.3, reflecting network attack vector, low attack complexity, requiring privileges, no user interaction, unchanged scope, and limited confidentiality impact. No patch or official remediation level has been disclosed by the vendor or Patchstack as of the publication date.

The vulnerability could allow an attacker with some level of privileges to bypass authorization checks, potentially leading to unauthorized access to certain plugin functionalities or data. The impact is limited to confidentiality with no impact on integrity or availability. There are no known active exploits reported at this time.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until a fix is available, limit user privileges to trusted users only and monitor for updates from the vendor. Avoid granting unnecessary privileges that could be exploited via this vulnerability.