Cyber Posture

CVE-2025-27276

High

Published: 24 February 2025

Published
24 February 2025
Modified
23 April 2026
KEV Added
Patch
CVSS Score 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score 0.0022 44.4th percentile
Risk Priority 18 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-27276 is a high-severity CSRF (CWE-352) vulnerability. Its CVSS base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 44.4th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SC-23 (Session Authenticity) and SI-10 (Information Input Validation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploitation for Privilege Escalation (T1068). What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SC-23 Session Authenticity good match
prevent

Protects the authenticity of communications sessions to prevent CSRF attacks that trick authenticated users into escalating privileges via forged requests.

SI-10 Information Input Validation good match
prevent

Validates information inputs such as CSRF tokens on vulnerable plugin endpoints to block unauthorized privilege escalation requests.

SI-2 Flaw Remediation good match
prevent

Requires timely remediation of the specific CSRF flaw in the Photo Gallery plugin, eliminating the vulnerability across affected versions.

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
attack.mitre.org →
Why these techniques?

The CSRF vulnerability explicitly enables privilege escalation by allowing an unauthenticated attacker to trigger unauthorized privileged actions on the WordPress plugin via a tricked authenticated user, directly mapping to T1068 Exploitation for Privilege Escalation.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

NVD Description

Cross-Site Request Forgery (CSRF) vulnerability in lizeipe Photo Gallery ( Responsive ) photo-gallery-pearlbells allows Privilege Escalation.This issue affects Photo Gallery ( Responsive ): from n/a through <= 4.0.

Deeper analysisAI

CVE-2025-27276 is a Cross-Site Request Forgery (CSRF) vulnerability, mapped to CWE-352, in the Photo Gallery (Responsive) WordPress plugin developed by lizeipe under the photo-gallery-pearlbells slug. Published on 2025-02-24, it enables privilege escalation and affects all versions from unknown initial release through 4.0 inclusive. The vulnerability carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H), indicating high severity due to its potential for significant impact.

An unauthenticated attacker can exploit this CSRF flaw remotely with low complexity by tricking an authenticated user, such as an administrator, into interacting with a malicious webpage or clicking a forged link. This user interaction triggers unauthorized requests to the vulnerable plugin endpoints, allowing the attacker to escalate privileges on the WordPress site without prior access.

Mitigation details are available in the Patchstack advisory at https://patchstack.com/database/Wordpress/Plugin/photo-gallery-pearlbells/vulnerability/wordpress-photo-gallery-responsive-plugin-4-0-csrf-to-privilege-escalation-vulnerability?_s_id=cve.

Details

CWE(s)
CWE-352

CVEs Like This One

CVE-2025-23530Shared CWE-352
CVE-2025-23532Shared CWE-352
CVE-2025-23797Shared CWE-352
CVE-2025-26206Shared CWE-352
CVE-2025-27012Shared CWE-352
CVE-2026-30793Shared CWE-352
CVE-2025-25928Shared CWE-352
CVE-2025-55041Shared CWE-352
CVE-2026-33649Shared CWE-352
CVE-2025-69634Shared CWE-352

References