{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-07T21:31:04.688","vulnerabilities":[{"cve":{"id":"CVE-2025-13603","sourceIdentifier":"security@wordfence.com","published":"2026-02-19T07:17:32.133","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The WP AUDIO GALLERY plugin for WordPress is vulnerable to Unauthorized Arbitrary File Read in all versions up to, and including, 2.0. This is due to insufficient capability checks and lack of nonce verification on the \"wpag_htaccess_callback\" function This makes it possible for authenticated attackers, with subscriber-level access and above, to overwrite the site's .htaccess file with arbitrary content, which can lead to arbitrary file read on the server under certain configurations."},{"lang":"es","value":"El plugin WP AUDIO GALLERY para WordPress es vulnerable a la Lectura Arbitraria de Archivos No Autorizada en todas las versiones hasta la 2.0, inclusive. Esto se debe a comprobaciones de capacidad insuficientes y a la falta de verificación de nonce en la función 'wpag_htaccess_callback'. Esto hace posible que atacantes autenticados, con acceso de nivel de suscriptor y superior, sobrescriban el archivo .htaccess del sitio con contenido arbitrario, lo que puede llevar a la lectura arbitraria de archivos en el servidor bajo ciertas configuraciones."}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/wp-audio-gallery/tags/2.0/lib/util-functions.php#L133","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/wp-audio-gallery/tags/2.0/wp-audio-gallery.php#L162","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/wp-audio-gallery/tags/2.0/wp-audio-gallery.php#L647","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/852959d1-f8e0-4c1f-8a5c-5923bedc4889?source=cve","source":"security@wordfence.com"}]}}]}