The WP Easy Gallery – WordPress Gallery Plugin plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions hooked via AJAX like wpeg_settings and wpeg_add_gallery in all versions up to, and including, 4.8.5. This makes it possible for authenticated attackers, with subscriber-level access and above, to modify galleries.
History
Tue, 24 Sep 2024 14:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics | ssvc |
Tue, 24 Sep 2024 07:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | The WP Easy Gallery – WordPress Gallery Plugin plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions hooked via AJAX like wpeg_settings and wpeg_add_gallery in all versions up to, and including, 4.8.5. This makes it possible for authenticated attackers, with subscriber-level access and above, to modify galleries. | |
Title | WP Easy Gallery – WordPress Gallery Plugin <= 4.8.5 - Missing Authorization to Authenticated (Subscriber+) Gallery Manipulation | |
Weaknesses | CWE-862 | |
References | | |
Metrics | cvssV3_1 |
MITRE
Status: PUBLISHED
Assigner: Wordfence
Published: 2024-09-24T07:30:45.969Z
Updated: 2024-09-24T13:36:43.314Z
Reserved: 2024-09-04T18:06:03.047Z
Link: CVE-2024-8437
Vulnrichment
Updated: 2024-09-24T13:36:18.343Z
NVD
Status: Awaiting Analysis
Published: 2024-09-25T01:15:46.500
Modified: 2024-09-26T13:32:02.803
Link: CVE-2024-8437
Redhat
No data.