PatchSiren cyber security CVE debrief
CVE-2026-54190 Awesomemotive CVE debrief
CVE-2026-54190 is a medium-severity vulnerability (CVSS Score: 6.5) in the Envira Photo Gallery plugin versions <= 1.12.5. The vulnerability is classified as unauthenticated broken access control. The CVE was published and modified on June 16, 2026, at 10:16:28 GMT.
- Vendor
- Awesomemotive
- Product
- Envira Photo Gallery
- CVSS
- MEDIUM 6.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-16
- Original CVE updated
- 2026-06-16
- Advisory published
- 2026-06-16
- Advisory updated
- 2026-06-16
Who should care
Users of Envira Photo Gallery plugin versions <= 1.12.5 should be aware of this vulnerability and take necessary actions to mitigate the risk.
Technical summary
The vulnerability has a CVSS vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L and is classified under CWE-862. It was reported by [email protected].
Defensive priority
medium
Recommended defensive actions
- Update Envira Photo Gallery plugin to a version greater than 1.12.5.
- Refer to [ref-4](https://patchstack.com/database/wordpress/plugin/envira-gallery-lite/vulnerability/wordpress-envira-photo-gallery-plugin-1-12-5-broken-access-control-vulnerability?_s_id=cve) for mitigation or vendor's
Evidence notes
The vendor information is currently unknown, and the canonical source is listed as 'reference_domain_weak' with low confidence.
Official resources
-
CVE-2026-54190 CVE record
CVE.org
-
CVE-2026-54190 NVD detail
NVD
-
Source item URL
nvd_modified
- Mitigation or vendor reference
CVE-2026-54190 was published and modified on June 16, 2026, at 10:16:28 GMT.