Lucene search

PatchstackCVELIST:CVE-2024-37442

HistoryJul 09, 2024 - 10:42 a.m.

CVE-2024-37442 WordPress Photo Gallery by Ays – Responsive Image Gallery plugin < 5.7.1 - HTML Injection vulnerability

2024-07-0910:42:51

CWE-74

Patchstack

www.cve.org

wordpress

photo gallery

ays

html injection

vulnerability

code injection

CVSS3

3.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L

EPSS

0.001

Percentile

16.8%

JSON

Improper Neutralization of Special Elements in Output Used by a Downstream Component (‘Injection’) vulnerability in Photo Gallery Team Photo Gallery by Ays allows Code Injection.This issue affects Photo Gallery by Ays: from n/a before 5.7.1.

CNA Affected

[
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "gallery-photo-gallery",
    "product": "Photo Gallery by Ays",
    "vendor": "Photo Gallery Team",
    "versions": [
      {
        "changes": [
          {
            "at": "5.7.1",
            "status": "unaffected"
          }
        ],
        "lessThan": "5.7.1",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  }
]

References

patchstack.com/database/vulnerability/gallery-photo-gallery/wordpress-photo-gallery-by-ays-responsive-image-gallery-plugin-5-7-1-html-injection-vulnerability?_s_id=cve

CVSS3

3.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L

EPSS

0.001

Percentile

16.8%

JSON

Related for CVELIST:CVE-2024-37442