CVE-2019-25149

HIGH

Gallery Images Ape <2.0.6 - Privilege Escalation

Title source: llm

Description

The Gallery Images Ape plugin for WordPress is vulnerable to Arbitrary Plugin Deactivation in versions up to, and including, 2.0.6. This allows authenticated attackers with any capability level to deactivate any plugin on the site, including plugins necessary to site functionality or security.

References (2)

Core 2

Core References

Exploit

https://blog.nintechnet.com/wordpress-ape-gallery-plugin-fixed-authenticated-arbitrary-plugin-deactivation-vulnerability/

Broken Link, Third Party Advisory

https://www.wordfence.com/threat-intel/vulnerabilities/id/dfd6c2b8-b00c-49d1-930f-50397e742ac5?source=cve

Scores

CVSS v3 7.6

EPSS 0.0061

EPSS Percentile 44.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-285

Status published

Products (2)

galleryape/Gallery Images Ape < 2.0.7

robogallery/gallery_images_ape < 2.0.6

Published Jun 07, 2023

Tracked Since Feb 18, 2026