CVE-2024-4194 - OpenCVE

The The Album and Image Gallery plus Lightbox plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.0. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Essentialplugin	Album And Image Gallery Plus Lightbox

Configuration 1 [-]

cpe:2.3:a:essentialplugin:album_and_image_gallery_plus_lightbox:*:*:*:*:free:wordpress:*:*

No data.

References

Link	Providers
https://plugins.trac.wordpress.org/browser/album-and-image-gallery-plus-lightbox/trunk/includes/shortcode/aigpl-gallery-album-slider.php#L207
https://plugins.trac.wordpress.org/browser/album-and-image-gallery-plus-lightbox/trunk/includes/shortcode/aigpl-gallery-album.php#L185
https://www.wordfence.com/threat-intel/vulnerabilities/id/4822f1c7-3f83-416c-8957-17e4b53d7e69?source=cve

History

Wed, 09 Oct 2024 16:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Essentialplugin Essentialplugin album And Image Gallery Plus Lightbox
Weaknesses		NVD-CWE-noinfo
CPEs		cpe:2.3:a:essentialplugin:album_and_image_gallery_plus_lightbox:::::free:wordpress::
Vendors & Products		Essentialplugin Essentialplugin album And Image Gallery Plus Lightbox

MITRE

Status: PUBLISHED

Assigner: Wordfence

Published: 2024-06-06T02:02:57.036Z

Updated: 2024-08-01T20:33:52.852Z

Reserved: 2024-04-25T15:27:36.525Z

Link: CVE-2024-4194

Vulnrichment

Updated: 2024-08-01T20:33:52.852Z

NVD

Status : Analyzed

Published: 2024-06-06T02:15:53.453

Modified: 2024-10-09T15:36:58.887

Link: CVE-2024-4194

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-4194", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2024-04-25T15:27:36.525Z", "datePublished": "2024-06-06T02:02:57.036Z", "dateUpdated": "2024-08-01T20:33:52.852Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2024-06-06T02:02:57.036Z"}, "affected": [{"vendor": "wponlinesupport", "product": "Album and Image Gallery plus Lightbox", "versions": [{"version": "*", "status": "affected", "lessThanOrEqual": "2.0", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The The Album and Image Gallery plus Lightbox plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.0. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes."}], "title": "Album and Image Gallery plus Lightbox <= 2.0 - Unauthenticated Arbitrary Shortcode Execution", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4822f1c7-3f83-416c-8957-17e4b53d7e69?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/album-and-image-gallery-plus-lightbox/trunk/includes/shortcode/aigpl-gallery-album-slider.php#L207"}, {"url": "https://plugins.trac.wordpress.org/browser/album-and-image-gallery-plus-lightbox/trunk/includes/shortcode/aigpl-gallery-album.php#L185"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-94 Improper Control of Generation of Code ('Code Injection')"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "baseScore": 6.5, "baseSeverity": "MEDIUM"}}], "credits": [{"lang": "en", "type": "finder", "value": "Matthew Rollings"}], "timeline": [{"time": "2024-06-05T00:00:00.000+00:00", "lang": "en", "value": "Disclosed"}]}, "adp": [{"affected": [{"vendor": "wponlinesupport", "product": "album_and_image_gallery_plus_lightbox", "cpes": ["cpe:2.3:a:wponlinesupport:album_and_image_gallery_plus_lightbox:*:*:*:*:*:*:*:*"], "defaultStatus": "unaffected", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "2.0", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-07-02T15:16:35.008248Z", "id": "CVE-2024-4194", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-02T20:00:20.537Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T20:33:52.852Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4822f1c7-3f83-416c-8957-17e4b53d7e69?source=cve", "tags": ["x_transferred"]}, {"url": "https://plugins.trac.wordpress.org/browser/album-and-image-gallery-plus-lightbox/trunk/includes/shortcode/aigpl-gallery-album-slider.php#L207", "tags": ["x_transferred"]}, {"url": "https://plugins.trac.wordpress.org/browser/album-and-image-gallery-plus-lightbox/trunk/includes/shortcode/aigpl-gallery-album.php#L185", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4822f1c7-3f83-416c-8957-17e4b53d7e69?source=cve", "tags": ["x_transferred"]}, {"url": "https://plugins.trac.wordpress.org/browser/album-and-image-gallery-plus-lightbox/trunk/includes/shortcode/aigpl-gallery-album-slider.php#L207", "tags": ["x_transferred"]}, {"url": "https://plugins.trac.wordpress.org/browser/album-and-image-gallery-plus-lightbox/trunk/includes/shortcode/aigpl-gallery-album.php#L185", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T20:33:52.852Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-4194", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-07-02T15:16:35.008248Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:wponlinesupport:album_and_image_gallery_plus_lightbox:*:*:*:*:*:*:*:*"], "vendor": "wponlinesupport", "product": "album_and_image_gallery_plus_lightbox", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "2.0"}], "defaultStatus": "unaffected"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-02T15:22:15.906Z"}}], "cna": {"title": "Album and Image Gallery plus Lightbox <= 2.0 - Unauthenticated Arbitrary Shortcode Execution", "credits": [{"lang": "en", "type": "finder", "value": "Matthew Rollings"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"}}], "affected": [{"vendor": "wponlinesupport", "product": "Album and Image Gallery plus Lightbox", "versions": [{"status": "affected", "version": "*", "versionType": "semver", "lessThanOrEqual": "2.0"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2024-06-05T00:00:00.000+00:00", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4822f1c7-3f83-416c-8957-17e4b53d7e69?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/album-and-image-gallery-plus-lightbox/trunk/includes/shortcode/aigpl-gallery-album-slider.php#L207"}, {"url": "https://plugins.trac.wordpress.org/browser/album-and-image-gallery-plus-lightbox/trunk/includes/shortcode/aigpl-gallery-album.php#L185"}], "descriptions": [{"lang": "en", "value": "The The Album and Image Gallery plus Lightbox plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.0. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-94 Improper Control of Generation of Code ('Code Injection')"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2024-06-06T02:02:57.036Z"}}}, "cveMetadata": {"cveId": "CVE-2024-4194", "state": "PUBLISHED", "dateUpdated": "2024-08-01T20:33:52.852Z", "dateReserved": "2024-04-25T15:27:36.525Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2024-06-06T02:02:57.036Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:essentialplugin:album_and_image_gallery_plus_lightbox:*:*:*:*:free:wordpress:*:*", "matchCriteriaId": "2EA1A7DD-A95B-4C37-BE3B-A06FE0C0DF88", "versionEndExcluding": "2.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The The Album and Image Gallery plus Lightbox plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.0. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes."}, {"lang": "es", "value": "El complemento The Album and Image Gallery plus Lightbox para WordPress es vulnerable a la ejecuci\u00f3n arbitraria de c\u00f3digos cortos en todas las versiones hasta la 2.0 incluida. Esto se debe a que el software permite a los usuarios ejecutar una acci\u00f3n que no valida correctamente un valor antes de ejecutar do_shortcode. Esto hace posible que atacantes no autenticados ejecuten c\u00f3digos cortos arbitrarios."}], "id": "CVE-2024-4194", "lastModified": "2024-10-09T15:36:58.887", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.4, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 2.5, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2024-06-06T02:15:53.453", "references": [{"source": "security@wordfence.com", "tags": ["Product"], "url": "https://plugins.trac.wordpress.org/browser/album-and-image-gallery-plus-lightbox/trunk/includes/shortcode/aigpl-gallery-album-slider.php#L207"}, {"source": "security@wordfence.com", "tags": ["Product"], "url": "https://plugins.trac.wordpress.org/browser/album-and-image-gallery-plus-lightbox/trunk/includes/shortcode/aigpl-gallery-album.php#L185"}, {"source": "security@wordfence.com", "tags": ["Third Party Advisory"], "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4822f1c7-3f83-416c-8957-17e4b53d7e69?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}