CVE-2025-27276: 
WordPress vulnerability analysis and mitigation

Cross-Site Request Forgery (CSRF) vulnerability was discovered in lizeipe Photo Gallery (Responsive) WordPress plugin affecting versions through 4.0. The vulnerability was disclosed on February 24, 2025, and assigned identifier CVE-2025-27276. This security issue allows privilege escalation through CSRF attacks (Patchstack).

The vulnerability has been assigned a CVSS v3.1 base score of 8.8 (HIGH) with the following vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. The issue is classified as CWE-352: Cross-Site Request Forgery (CSRF). This vulnerability could allow a malicious actor to force higher privileged users to execute unwanted actions under their current authentication (NVD, Patchstack).

The vulnerability allows attackers to perform privilege escalation attacks through CSRF. This could potentially lead to unauthorized access and execution of administrative actions on affected WordPress installations (Patchstack).

Currently, there is no official fix available for this vulnerability. The issue affects Photo Gallery (Responsive) plugin versions through 4.0, and no patched version has been released (Patchstack).