CVE-2021-24795: 
WordPress vulnerability analysis and mitigation

The Filter Portfolio Gallery WordPress plugin through version 1.5 contains a Cross-Site Request Forgery (CSRF) vulnerability that affects the gallery deletion functionality. The vulnerability was discovered and publicly disclosed on November 15, 2021. This security issue impacts WordPress installations running the Filter Portfolio Gallery plugin version 1.5 and earlier versions (WPScan).

The vulnerability stems from the lack of CSRF protection mechanisms when deleting a gallery through the plugin's admin interface. The issue has been assigned CVE-2021-24795 and has received a CVSS v3.1 base score of 6.5 (Medium severity) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N. The vulnerability is classified as CWE-352 (Cross-Site Request Forgery) (NVD).

If successfully exploited, this vulnerability allows attackers to trick authenticated administrators into deleting arbitrary galleries from the WordPress installation without their knowledge or consent. The impact is limited to the deletion of gallery content, with no ability to read or modify other data (WPScan).

As of the latest reports, there is no known fix available for this vulnerability. The recommended mitigation is to either uninstall the Filter Portfolio Gallery plugin or implement additional security controls to restrict access to the plugin's administrative functions (WPScan).