2 matches found
CVE-2024-11002 InPost Gallery <= 2.1.4.2 - Authenticated (Subscriber+) Arbitrary Shortcode Execution via inpost_gallery_get_shortcode_template
The The InPost Gallery plugin for WordPress is vulnerable to arbitrary shortcode execution via the inpostgallerygetshortcodetemplate AJAX action in all versions up to, and including, 2.1.4.2. This is due to the software allowing users to execute an action that does not properly validate a value...
WordPress InPost Gallery Plugin <= 2.1.4.2 is vulnerable to Arbitrary Code Execution
Software InPost Gallery Type Plugin Vulnerable versions = 2.1.4.2 Fixed in 2.1.4.3 OWASP Top 10 A3: Injection Classification Arbitrary Code Execution CVE CVE-2024-11002 Patch priority High CVSS severity High 6.3 Developer Claim ownership PSID 33afec67c5eb Credits Arkadiusz Hydzik Required privile...