WP AUDIO GALLERY

8.8 / 10

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Description

The WP AUDIO GALLERY plugin for WordPress is vulnerable to Unauthorized Arbitrary File Read in all versions up to, and including, 2.0. This is due to insufficient capability checks and lack of nonce verification on the "wpag_htaccess_callback" function This makes it possible for authenticated attackers, with subscriber-level access and above, to overwrite the site's .htaccess file with arbitrary content, which can lead to arbitrary file read on the server under certain configurations.

AI Analysis

Arbitrary File Read vulnerability in WP AUDIO GALLERY plugin due to insufficient capability checks and lack of nonce verification

Basic Information

ID CVE-2025-13603

Source Wordfence

Published Feb 19, 2026 at 04:36

Affected Product

Vendor husainali52

Product WP AUDIO GALLERY

Version *

Affected Versions husainali52 WP AUDIO GALLERY *

CWE Classification

CWE-862

AI Assessment

AI Score 8.8 / 10

AI Severity High

Vendor husainali52

Product WP AUDIO GALLERY

Version 2.0

References

{
    "lastseen": "",
    "description": "The WP AUDIO GALLERY plugin for WordPress is vulnerable to Unauthorized Arbitrary File Read in all versions up to, and including, 2.0. This is due to insufficient capability checks and lack of nonce verification on the \"wpag_htaccess_callback\" function This makes it possible for authenticated attackers, with subscriber-level access and above, to overwrite the site's .htaccess file with arbitrary content, which can lead to arbitrary file read on the server under certain configurations.",
    "published": "2026-02-19T04:36:17.771Z",
    "modified": "2026-02-19T04:36:17.771Z",
    "type": "cve",
    "title": "WP AUDIO GALLERY <= 2.0 - Authenticated (Subscriber+) Arbitrary File Read via .htaccess Manipulation",
    "source": "Wordfence",
    "references": "https://www.wordfence.com/threat-intel/vulnerabilities/id/852959d1-f8e0-4c1f-8a5c-5923bedc4889?source=cve\nhttps://plugins.trac.wordpress.org/browser/wp-audio-gallery/tags/2.0/wp-audio-gallery.php#L162\nhttps://plugins.trac.wordpress.org/browser/wp-audio-gallery/tags/2.0/wp-audio-gallery.php#L647\nhttps://plugins.trac.wordpress.org/browser/wp-audio-gallery/tags/2.0/lib/util-functions.php#L133",
    "id": "CVE-2025-13603",
    "bulletinFamily": "",
    "cwe": [
        "CWE-862"
    ],
    "cvelist": null,
    "sourceData": "husainali52 WP AUDIO GALLERY *",
    "sourceHref": "",
    "cvss": {
        "score": 8.8,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "WP AUDIO GALLERY",
    "version": "*",
    "vendor": "husainali52",
    "ai_description": "Arbitrary File Read vulnerability in WP AUDIO GALLERY plugin due to insufficient capability checks and lack of nonce verification",
    "ai_severity": "High",
    "ai_vendor": "husainali52",
    "ai_product": "WP AUDIO GALLERY",
    "ai_version": "2.0",
    "ai_score": 8.8
}

WP AUDIO GALLERY <= 2.0 - Authenticated (Subscriber+) Arbitrary File Read via .htaccess Manipulation_CVE-2025-13603