The Gallery plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.3 via deserialization of untrusted input from wd_gallery_$id parameter. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.
Metrics
Affected Vendors & Products
References
History
Mon, 09 Dec 2024 16:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Webdzier
Webdzier gallery |
|
CPEs | cpe:2.3:a:webdzier:gallery:*:*:*:*:*:*:*:* | |
Vendors & Products |
Webdzier
Webdzier gallery |
|
Metrics |
ssvc
|
Sat, 07 Dec 2024 11:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | The Gallery plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.3 via deserialization of untrusted input from wd_gallery_$id parameter. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. | |
Title | Gallery <= 1.3 - Authenticated (Contributor+) PHP Object Injection | |
Weaknesses | CWE-502 | |
References |
| |
Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: Wordfence
Published: 2024-12-07T11:09:53.288Z
Updated: 2024-12-09T16:06:10.220Z
Reserved: 2024-11-20T14:15:58.473Z
Link: CVE-2024-11501
Vulnrichment
Updated: 2024-12-09T16:06:04.908Z
NVD
Status : Received
Published: 2024-12-07T12:15:19.783
Modified: 2024-12-07T12:15:19.783
Link: CVE-2024-11501
Redhat
No data.