{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-22486", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "state": "PUBLISHED", "assignerShortName": "Patchstack", "dateReserved": "2026-01-07T13:44:23.294Z", "datePublished": "2026-01-08T16:46:02.803Z", "dateUpdated": "2026-04-14T15:07:00.637Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2026-04-13T09:31:20.879Z"}, "title": "WordPress Re Gallery plugin <= 1.18.9 - Broken Access Control vulnerability", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-862", "description": "CWE-862 Missing Authorization", "type": "CWE"}]}], "impacts": [{"capecId": "CAPEC-180", "descriptions": [{"lang": "en", "value": "CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels"}]}], "affected": [{"product": "Re Gallery", "collectionURL": "https://wordpress.org/plugins", "packageName": "regallery", "versions": [{"status": "affected", "version": "n/a", "lessThanOrEqual": "1.18.9", "changes": [{"at": "1.18.10", "status": "unaffected"}], "versionType": "custom"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "Missing Authorization vulnerability in Re Gallery allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Re Gallery: from n/a through 1.18.9.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "Missing Authorization vulnerability in Re Gallery allows Exploiting Incorrectly Configured Access Control Security Levels.<p>This issue affects Re Gallery: from n/a through 1.18.9.</p>"}]}], "tags": ["x_open-source"], "references": [{"url": "https://patchstack.com/database/wordpress/plugin/regallery/vulnerability/wordpress-re-gallery-responsive-photo-gallery-plugin-plugin-1-17-17-broken-access-control-vulnerability?_s_id=cve", "tags": ["vdb-entry"]}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "NONE", "baseSeverity": "MEDIUM", "baseScore": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}}], "solutions": [{"lang": "en", "value": "Update the WordPress Re Gallery plugin to the latest available version (at least 1.18.10).", "supportingMedia": [{"type": "text/html", "base64": false, "value": "Update the WordPress Re Gallery plugin to the latest available version (at least 1.18.10)."}]}], "credits": [{"lang": "en", "value": "Jitlada | Patchstack Bug Bounty Program", "user": "00000000-0000-4000-9000-000000000000", "type": "finder"}], "source": {"discovery": "EXTERNAL"}, "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-01-08T17:04:33.124925Z", "id": "CVE-2026-22486", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-14T15:07:00.637Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-22486", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-01-08T17:04:33.124925Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-08T17:05:07.313Z"}}], "cna": {"tags": ["x_open-source"], "title": "WordPress Re Gallery plugin <= 1.18.9 - Broken Access Control vulnerability", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Jitlada | Patchstack Bug Bounty Program"}], "impacts": [{"capecId": "CAPEC-180", "descriptions": [{"lang": "en", "value": "CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"product": "Re Gallery", "versions": [{"status": "affected", "changes": [{"at": "1.18.10", "status": "unaffected"}], "version": "n/a", "versionType": "custom", "lessThanOrEqual": "1.18.9"}], "packageName": "regallery", "collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Update the WordPress Re Gallery plugin to the latest available version (at least 1.18.10).", "supportingMedia": [{"type": "text/html", "value": "Update the WordPress Re Gallery plugin to the latest available version (at least 1.18.10).", "base64": false}]}], "references": [{"url": "https://patchstack.com/database/wordpress/plugin/regallery/vulnerability/wordpress-re-gallery-responsive-photo-gallery-plugin-plugin-1-17-17-broken-access-control-vulnerability?_s_id=cve", "tags": ["vdb-entry"]}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "Missing Authorization vulnerability in Re Gallery allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Re Gallery: from n/a through 1.18.9.", "supportingMedia": [{"type": "text/html", "value": "Missing Authorization vulnerability in Re Gallery allows Exploiting Incorrectly Configured Access Control Security Levels.<p>This issue affects Re Gallery: from n/a through 1.18.9.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-862", "description": "CWE-862 Missing Authorization"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2026-04-13T09:31:20.879Z"}}}, "cveMetadata": {"cveId": "CVE-2026-22486", "state": "PUBLISHED", "dateUpdated": "2026-04-14T15:07:00.637Z", "dateReserved": "2026-01-07T13:44:23.294Z", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "datePublished": "2026-01-08T16:46:02.803Z", "assignerShortName": "Patchstack"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Missing Authorization vulnerability in Re Gallery allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Re Gallery: from n/a through 1.18.9."}, {"lang": "es", "value": "Vulnerabilidad de Autorizaci\u00f3n Faltante en el Plugin Hakob Re Gallery &amp; Responsive Photo Gallery permite Explotar Niveles de Seguridad de Control de Acceso Incorrectamente Configurados. Este problema afecta al Plugin Re Gallery &amp; Responsive Photo Gallery: desde n/a hasta 1.17.18."}], "id": "CVE-2026-22486", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "audit@patchstack.com", "type": "Secondary"}]}, "published": "2026-01-08T17:15:50.777", "references": [{"source": "audit@patchstack.com", "url": "https://patchstack.com/database/wordpress/plugin/regallery/vulnerability/wordpress-re-gallery-responsive-photo-gallery-plugin-plugin-1-17-17-broken-access-control-vulnerability?_s_id=cve"}], "sourceIdentifier": "audit@patchstack.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-862"}], "source": "audit@patchstack.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-15T17:42:08.182397+00:00", "value": {"mitigation_remediation": ["Update the WordPress Re Gallery plugin to version 1.18.10 or later.", "Review the plugin configuration to ensure that role checks are correctly enforced. ", "If the plugin is not essential for current site functionality, temporarily disable it until the update is applied."], "summary": {"action": "Patch", "impact": "Authorization Bypass"}, "threat_synthesis": {"affected_systems": "Any WordPress site that uses the Re Gallery plugin at version 1.18.9 or earlier is affected. The impact applies to users who can interact with the plugin interface, including those with limited or no administrative privileges.", "description_and_impact": "The vulnerability is a missing authorization flaw in WordPress Re Gallery plugin versions up to 1.18.9, allowing attackers to bypass role restrictions. This could expose or allow unauthorized modification of plugin or site data that is normally protected by access controls.", "risk_and_exploitability": "The CVSS score of 5.3 indicates moderate severity. The EPSS score is below 1\u202f%, suggesting a low probability of exploitation, and the vulnerability is not listed in the CISA KEV catalog. The flaw stems from incorrectly configured access controls in the plugin\u2019s web interface; no available public exploits are reported as of the data provided."}}}}, "created": "2026-01-09T13:24:27.381559+00:00", "updated": "2026-04-15T18:30:10.967179+00:00", "vendors": ["hakob", "hakob$PRODUCT$re_gallery_responsive_photo_gallery_plugin", "wordpress", "wordpress$PRODUCT$wordpress"]}