8.8
WP AUDIO GALLERY plugin for WordPress allows attackers to read files
CVE-2025-13603
Summary
The WP AUDIO GALLERY plugin for WordPress is vulnerable in all versions up to and including 2.0. Anyone with a user account, even a basic subscriber-level one, could overwrite the site's .htaccess file and, under certain server configurations, read sensitive files on your server. If you use this plugin, update it to a newer version to fix this issue.
Original title
The WP AUDIO GALLERY plugin for WordPress is vulnerable to Unauthorized Arbitrary File Read in all versions up to, and including, 2.0. This is due to insufficient capability checks and lack of nonc...
Original description
The WP AUDIO GALLERY plugin for WordPress is vulnerable to Unauthorized Arbitrary File Read in all versions up to, and including, 2.0. This is due to insufficient capability checks and lack of nonce verification on the "wpag_htaccess_callback" function. This makes it possible for authenticated attackers, with subscriber-level access and above, to overwrite the site's .htaccess file with arbitrary content, which can lead to arbitrary file read on the server under certain configurations.
NVD CVSS 3.1
8.8
Vulnerability type
CWE-862
Missing Authorization
- https://plugins.trac.wordpress.org/browser/wp-audio-gallery/tags/2.0/lib/util-fu...
- https://plugins.trac.wordpress.org/browser/wp-audio-gallery/tags/2.0/wp-audio-ga...
- https://plugins.trac.wordpress.org/browser/wp-audio-gallery/tags/2.0/wp-audio-ga...
- https://www.wordfence.com/threat-intel/vulnerabilities/id/852959d1-f8e0-4c1f-8a5...
Published: 19 Feb 2026 · Updated: 11 Mar 2026 · First seen: 6 Mar 2026