3 matches found
CVE-2024-10535 Video Gallery for WooCommerce <= 1.31 - Missing Authorization to Unauthenticated Limited File Deletion
The Video Gallery for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the removeunusedthumbnails function in all versions up to, and including, 1.31. This makes it possible for unauthenticated attackers to delete thumbnails ...
CVE-2024-10535
The CVE-2024-10535 entry concerns the Video Gallery for WooCommerce plugin for WordPress. Multiple connected sources confirm affected software and root cause: versions up to and including 1.31 are vulnerable due to a missing capability check in the remove_unused_thumbnails() function, enabling un...
WordPress Video Gallery for WooCommerce Plugin <= 1.31 is vulnerable to Broken Access Control
Software Video Gallery for WooCommerce Type Plugin Vulnerable versions = 1.31 Fixed in 1.32 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-10535 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID fc5201d78d06 Credits incognito Require...