CVE-2025-11448 | Gallery Plugin up to 1.11.0 on WordPress REST API Endpoint bulk-convert authorization

Inserito da Angelo Barbosa | Nov 8, 2025 | CVE

A vulnerability categorized as critical has been discovered in Gallery Plugin up to 1.11.0 on WordPress. This impacts an unknown function of the file /envira-convert/v1/bulk-convert of the component REST API Endpoint. The manipulation results in missing authorization.

This vulnerability is identified as CVE-2025-11448. The attack can be executed remotely. There is not any exploit available.

CVE-2025-11448 | Gallery Plugin up to 1.11.0 on WordPress REST API Endpoint bulk-convert authorization

Post correlati

CVE-2024-3760 | lunary-ai lunary up to 1.2.7 allocation of resources

CVE-2024-38156 | Microsoft Edge up to 126.0.2592.81 cross site scripting

CVE-2024-25320 | Tongda OA 2017 up to 11.9 /affair/delete.php AFF_ID sql injection

CVE-2024-4856 | FS Product Inquiry Plugin up to 1.1.1 on WordPress cross site scripting