3 matches found
CVE-2024-8431 Photo Gallery, Images, Slider in Rbs Image Gallery <= 3.2.21 - Missing Authorization to Authenticated (Subscriber+) Private Gallery Title Disclosure
The Photo Gallery, Images, Slider in Rbs Image Gallery plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ajaxGetGalleryJson function in all versions up to, and including, 3.2.21. This makes it possible for authenticated attackers, with...
CVE-2024-8431
CVE-2024-8431 affects the WordPress plugin Robo Gallery (Photo Gallery, Images, Slider) up to version 3.2.21. The flaw is a missing capability check in ajaxGetGalleryJson(), allowing authenticated users with Subscriber+ privileges to retrieve private post titles. Public exploitation details are n...
WordPress Robo Gallery Plugin <= 3.2.21 is vulnerable to Broken Access Control
Software Robo Gallery Type Plugin Vulnerable versions = 3.2.21 Fixed in 3.2.22 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-8431 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 241f632267e8 Credits Trương Hữu Phúc truonghuuphuc...