The Gallery plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.3 via deserialization of untrusted input from wd_gallery_$id parameter. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.
History

Mon, 09 Dec 2024 16:15:00 +0000

Type Values Removed Values Added
First Time appeared Webdzier
Webdzier gallery
CPEs cpe:2.3:a:webdzier:gallery:*:*:*:*:*:*:*:*
Vendors & Products Webdzier
Webdzier gallery
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Sat, 07 Dec 2024 11:30:00 +0000

Type Values Removed Values Added
Description The Gallery plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.3 via deserialization of untrusted input from wd_gallery_$id parameter. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.
Title Gallery <= 1.3 - Authenticated (Contributor+) PHP Object Injection
Weaknesses CWE-502
References
Metrics cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}


cve-icon MITRE

Status: PUBLISHED

Assigner: Wordfence

Published: 2024-12-07T11:09:53.288Z

Updated: 2024-12-09T16:06:10.220Z

Reserved: 2024-11-20T14:15:58.473Z

Link: CVE-2024-11501

cve-icon Vulnrichment

Updated: 2024-12-09T16:06:04.908Z

cve-icon NVD

Status : Received

Published: 2024-12-07T12:15:19.783

Modified: 2024-12-07T12:15:19.783

Link: CVE-2024-11501

cve-icon Redhat

No data.