CVE-2024-35720 - Vulnerability Details - OpenCVE

Missing Authorization vulnerability in A WP Life Album Gallery – WordPress Gallery.This issue affects Album Gallery – WordPress Gallery: from n/a through 1.5.7.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00377.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Awplife	Album Gallery

Configuration 1 [-]

cpe:2.3:a:awplife:album_gallery:*:*:*:*:*:wordpress:*:*

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2024-35478	Missing Authorization vulnerability in A WP Life Album Gallery – WordPress Gallery.This issue affects Album Gallery – WordPress Gallery: from n/a through 1.5.7.

Fixes

Solution

Update to 1.5.8 or a higher version.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://patchstack.com/database/vulnerability/new-album-gallery/wordpress-album-gallery-wordpress-gallery-plugin-1-5-7-broken-access-control-vulnerability?_s_id=cve

History

Wed, 25 Sep 2024 15:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Awplife Awplife album Gallery
CPEs		cpe:2.3:a:awplife:album_gallery::::::wordpress::*
Vendors & Products		Awplife Awplife album Gallery

MITRE

Status: PUBLISHED

Assigner: Patchstack

Published: 2024-06-10T07:59:38.324Z

Updated: 2024-08-02T03:14:53.919Z

Reserved: 2024-05-17T10:09:31.574Z

Link: CVE-2024-35720

Vulnrichment

Updated: 2024-06-10T12:48:04.804Z

NVD

Status : Modified

Published: 2024-06-10T08:15:48.950

Modified: 2024-11-21T09:20:44.447

Link: CVE-2024-35720

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-35720", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "state": "PUBLISHED", "assignerShortName": "Patchstack", "dateReserved": "2024-05-17T10:09:31.574Z", "datePublished": "2024-06-10T07:59:38.324Z", "dateUpdated": "2024-08-02T03:14:53.919Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected", "packageName": "new-album-gallery", "product": "Album Gallery \u2013 WordPress Gallery", "vendor": "A WP Life", "versions": [{"changes": [{"at": "1.5.8", "status": "unaffected"}], "lessThanOrEqual": "1.5.7", "status": "affected", "version": "n/a", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Steven Julian (Patchstack Alliance)"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Missing Authorization vulnerability in A WP Life Album Gallery \u2013 WordPress Gallery.<p>This issue affects Album Gallery \u2013 WordPress Gallery: from n/a through 1.5.7.</p>"}], "value": "Missing Authorization vulnerability in A WP Life Album Gallery \u2013 WordPress Gallery.This issue affects Album Gallery \u2013 WordPress Gallery: from n/a through 1.5.7."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-862", "description": "CWE-862 Missing Authorization", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2024-06-10T07:59:38.324Z"}, "references": [{"tags": ["vdb-entry"], "url": "https://patchstack.com/database/vulnerability/new-album-gallery/wordpress-album-gallery-wordpress-gallery-plugin-1-5-7-broken-access-control-vulnerability?_s_id=cve"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Update to 1.5.8 or a higher version."}], "value": "Update to 1.5.8 or a higher version."}], "source": {"discovery": "EXTERNAL"}, "title": "WordPress Album Gallery \u2013 WordPress Gallery plugin <= 1.5.7 - Broken Access Control vulnerability", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-06-10T12:47:54.887008Z", "id": "CVE-2024-35720", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-10T12:48:07.321Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T03:14:53.919Z"}, "title": "CVE Program Container", "references": [{"tags": ["vdb-entry", "x_transferred"], "url": "https://patchstack.com/database/vulnerability/new-album-gallery/wordpress-album-gallery-wordpress-gallery-plugin-1-5-7-broken-access-control-vulnerability?_s_id=cve"}]}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-35720", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "state": "PUBLISHED", "assignerShortName": "Patchstack", "dateReserved": "2024-05-17T10:09:31.574Z", "datePublished": "2024-06-10T07:59:38.324Z", "dateUpdated": "2024-06-10T12:48:07.321Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected", "packageName": "new-album-gallery", "product": "Album Gallery \u2013 WordPress Gallery", "vendor": "A WP Life", "versions": [{"changes": [{"at": "1.5.8", "status": "unaffected"}], "lessThanOrEqual": "1.5.7", "status": "affected", "version": "n/a", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Steven Julian (Patchstack Alliance)"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Missing Authorization vulnerability in A WP Life Album Gallery \u2013 WordPress Gallery.<p>This issue affects Album Gallery \u2013 WordPress Gallery: from n/a through 1.5.7.</p>"}], "value": "Missing Authorization vulnerability in A WP Life Album Gallery \u2013 WordPress Gallery.This issue affects Album Gallery \u2013 WordPress Gallery: from n/a through 1.5.7."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-862", "description": "CWE-862 Missing Authorization", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2024-06-10T07:59:38.324Z"}, "references": [{"tags": ["vdb-entry"], "url": "https://patchstack.com/database/vulnerability/new-album-gallery/wordpress-album-gallery-wordpress-gallery-plugin-1-5-7-broken-access-control-vulnerability?_s_id=cve"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Update to 1.5.8 or a higher version."}], "value": "Update to 1.5.8 or a higher version."}], "source": {"discovery": "EXTERNAL"}, "title": "WordPress Album Gallery \u2013 WordPress Gallery plugin <= 1.5.7 - Broken Access Control vulnerability", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-35720", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-06-10T12:47:54.887008Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-10T12:48:04.804Z"}}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:awplife:album_gallery:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "D8255B98-6D23-43D8-A72F-5CFA1F08DFF8", "versionEndExcluding": "1.5.8", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Missing Authorization vulnerability in A WP Life Album Gallery \u2013 WordPress Gallery.This issue affects Album Gallery \u2013 WordPress Gallery: from n/a through 1.5.7."}, {"lang": "es", "value": "Vulnerabilidad de autorizaci\u00f3n faltante en A WP Life Album Gallery \u2013 WordPress Gallery. Este problema afecta a la Galer\u00eda de \u00e1lbumes \u2013 Galer\u00eda de WordPress: desde n/a hasta 1.5.7."}], "id": "CVE-2024-35720", "lastModified": "2024-11-21T09:20:44.447", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "audit@patchstack.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-06-10T08:15:48.950", "references": [{"source": "audit@patchstack.com", "tags": ["Third Party Advisory"], "url": "https://patchstack.com/database/vulnerability/new-album-gallery/wordpress-album-gallery-wordpress-gallery-plugin-1-5-7-broken-access-control-vulnerability?_s_id=cve"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://patchstack.com/database/vulnerability/new-album-gallery/wordpress-album-gallery-wordpress-gallery-plugin-1-5-7-broken-access-control-vulnerability?_s_id=cve"}], "sourceIdentifier": "audit@patchstack.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-862"}], "source": "audit@patchstack.com", "type": "Secondary"}]}