{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-22486", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "state": "PUBLISHED", "assignerShortName": "Patchstack", "dateReserved": "2026-01-07T13:44:23.294Z", "datePublished": "2026-01-08T16:46:02.803Z", "dateUpdated": "2026-04-29T14:32:17.887Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected", "packageName": "regallery", "product": "Re Gallery", "versions": [{"changes": [{"at": "1.18.10", "status": "unaffected"}], "lessThanOrEqual": "1.18.9", "status": "affected", "version": "n/a", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Jitlada | Patchstack Bug Bounty Program"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Missing Authorization vulnerability in Re Gallery allows Exploiting Incorrectly Configured Access Control Security Levels.<p>This issue affects Re Gallery: from n/a through 1.18.9.</p>"}], "value": "Missing Authorization vulnerability in Re Gallery allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Re Gallery: from n/a through 1.18.9."}], "impacts": [{"capecId": "CAPEC-180", "descriptions": [{"lang": "en", "value": "CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-862", "description": "CWE-862 Missing Authorization", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2026-04-28T16:14:45.400Z"}, "references": [{"tags": ["vdb-entry"], "url": "https://patchstack.com/database/wordpress/plugin/regallery/vulnerability/wordpress-re-gallery-responsive-photo-gallery-plugin-plugin-1-17-17-broken-access-control-vulnerability?_s_id=cve"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Update the WordPress Re Gallery plugin to the latest available version (at least 1.18.10)."}], "value": "Update the WordPress Re Gallery plugin to the latest available version (at least 1.18.10)."}], "source": {"discovery": "EXTERNAL"}, "tags": ["x_open-source"], "title": "WordPress Re Gallery plugin <= 1.18.9 - Broken Access Control vulnerability", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-01-08T17:04:33.124925Z", "id": "CVE-2026-22486", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-29T14:32:17.887Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-22486", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-01-08T17:04:33.124925Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-08T17:05:07.313Z"}}], "cna": {"tags": ["x_open-source"], "title": "WordPress Re Gallery plugin <= 1.18.9 - Broken Access Control vulnerability", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Jitlada | Patchstack Bug Bounty Program"}], "impacts": [{"capecId": "CAPEC-180", "descriptions": [{"lang": "en", "value": "CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"product": "Re Gallery", "versions": [{"status": "affected", "changes": [{"at": "1.18.10", "status": "unaffected"}], "version": "n/a", "versionType": "custom", "lessThanOrEqual": "1.18.9"}], "packageName": "regallery", "collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Update the WordPress Re Gallery plugin to the latest available version (at least 1.18.10).", "supportingMedia": [{"type": "text/html", "value": "Update the WordPress Re Gallery plugin to the latest available version (at least 1.18.10).", "base64": false}]}], "references": [{"url": "https://patchstack.com/database/wordpress/plugin/regallery/vulnerability/wordpress-re-gallery-responsive-photo-gallery-plugin-plugin-1-17-17-broken-access-control-vulnerability?_s_id=cve", "tags": ["vdb-entry"]}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "Missing Authorization vulnerability in Re Gallery allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Re Gallery: from n/a through 1.18.9.", "supportingMedia": [{"type": "text/html", "value": "Missing Authorization vulnerability in Re Gallery allows Exploiting Incorrectly Configured Access Control Security Levels.<p>This issue affects Re Gallery: from n/a through 1.18.9.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-862", "description": "CWE-862 Missing Authorization"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2026-04-28T16:14:45.400Z"}}}, "cveMetadata": {"cveId": "CVE-2026-22486", "state": "PUBLISHED", "dateUpdated": "2026-04-29T14:32:17.887Z", "dateReserved": "2026-01-07T13:44:23.294Z", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "datePublished": "2026-01-08T16:46:02.803Z", "assignerShortName": "Patchstack"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Missing Authorization vulnerability in Re Gallery allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Re Gallery: from n/a through 1.18.9."}, {"lang": "es", "value": "Vulnerabilidad de Autorizaci\u00f3n Faltante en el Plugin Hakob Re Gallery &amp; Responsive Photo Gallery permite Explotar Niveles de Seguridad de Control de Acceso Incorrectamente Configurados. Este problema afecta al Plugin Re Gallery &amp; Responsive Photo Gallery: desde n/a hasta 1.17.18."}], "id": "CVE-2026-22486", "lastModified": "2026-04-28T19:36:41.000", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "audit@patchstack.com", "type": "Secondary"}]}, "published": "2026-01-08T17:15:50.777", "references": [{"source": "audit@patchstack.com", "url": "https://patchstack.com/database/wordpress/plugin/regallery/vulnerability/wordpress-re-gallery-responsive-photo-gallery-plugin-plugin-1-17-17-broken-access-control-vulnerability?_s_id=cve"}], "sourceIdentifier": "audit@patchstack.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-862"}], "source": "audit@patchstack.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-29T00:59:25.702818+00:00", "value": {"mitigation_remediation": ["Update the WordPress Re Gallery plugin to version 1.18.10 or later.", "Review the plugin configuration to ensure that role checks are correctly enforced.", "If the plugin is not essential for current site functionality, temporarily disable it until the update is applied."], "summary": {"action": "Patch", "impact": "Authorization Bypass"}, "threat_synthesis": {"affected_systems": "Any WordPress site that uses the Re Gallery plugin at version 1.18.9 or earlier is affected. The impact applies to users who can interact with the plugin interface, including those with limited or no administrative privileges.", "description_and_impact": "The vulnerability is a missing authorization flaw in the WordPress Re Gallery plugin. It enables an attacker to exploit incorrectly configured access\u2011control security levels, allowing them to bypass role checks and access or modify data that should be restricted. The weakness is an access\u2011control issue (CWE\u2011862).", "risk_and_exploitability": "The CVSS score of 5.3 indicates moderate severity. The EPSS score is below 1\u202f%, suggesting a low probability of exploitation, and the vulnerability is not listed in the CISA KEV catalog. The flaw stems from incorrectly configured access controls in the plugin\u2019s web interface; no available public exploits are reported as of the data provided."}}}}, "created": "2026-01-09T13:24:27.381559+00:00", "updated": "2026-04-29T01:00:11.421316+00:00", "vendors": ["hakob", "hakob$PRODUCT$re_gallery_responsive_photo_gallery_plugin", "wordpress", "wordpress$PRODUCT$wordpress"]}