WordPress ACF Galerie 4 Plugin Broken Access Control Vulnerability Advisory

Vulnerability Overview Vulnerability Name: WordPress ACF Galerie 4 Plugin <= 1.4.2 Has Broken Access Control Vulnerability Vulnerability Type: Broken Access Control CVSS Score: 4.3 (Low priority) Release Date: April 23, 2026 Reporter: Nabil Irawan Impact Scope Affected Versions: ACF Galerie 4 Plugin <= 1.4.2 Fixed Version: 1.4.3 or higher Risk Description: This vulnerability may allow unauthorized users to perform higher-privilege operations and is suitable for large-scale attack campaigns. Remediation Plan Recommended Action: Update to version 1.4.3 or higher to resolve the vulnerability. Additional Recommendation: If unable to update manually, contact your hosting provider or website developer for assistance. Detailed Information Software: ACF Galerie 4 Type: Plugin Vulnerable Version: <= 1.4.2 Fixed Version: 1.4.3 Timeline Report Date: September 30, 2025 Early Warning Sent Date: April 23, 2026 Patchstack Published Date: April 23, 2026 Additional Information Vulnerability Description: The Broken Access Control issue refers to missing authorization, authentication, or nonce token checks, which may allow unauthorized users to perform higher-privilege operations. CVSS Score Note: CVSS score is a standardized and repeatable way to assess and report vulnerabilities but is not applicable to WordPress. Contact Information More Information: For additional information or questions, please contact Patchstack. Subscription Subscription Service: Weekly WordPress security intelligence delivered via email. Footer Information Patchstack Services: Provides vulnerability mitigation, code security, bug bounty, use cases, resources, and more. Related Links: Including pricing, application security, quick mitigation, threat intelligence, VS Manors, VS Insecurity, VS Wordfence, documentation, service status, login, etc. Summary This vulnerability involves a Broken Access Control issue in the WordPress ACF Galerie 4 Plugin, affecting versions <= 1.4.2. It is recommended to update to version 1.4.3 or higher to fix it.

Goal Reached Thanks to every supporter — we hit 100%!

WordPress ACF Galerie 4 Plugin Broken Access Control Vulnerability Advisory