WordPress UnGallery Plugin <= 2.2.4 is vulnerable to Cross Site Request Forgery (CSRF)
Software: UnGallery
Type: Plugin
Vulnerable versions: <= 2.2.4
Fixed in: N/A
OWASP Top 10: A1: Broken Access Control
Classification: Cross Site Request Forgery (CSRF)
CVE: CVE-2024-3582
Patch priority: Low
CVSS severity: Low 7.1
PSID: a683aa770e00
Credits: Bob Matyas
Required privileg...
PT-2024-26752 · WordPress · The Ungallery
Name of the Vulnerable Software and Affected Versions: The UnGallery WordPress plugin, versions 2.2.4 and earlier
Description: The issue concerns a lack of CSRF checks in some areas, together with missing sanitization and escaping. This could allow attackers to make logged-in admins add Stored XSS...
Ungallery <= 2.2.4 - Stored XSS via CSRF
Description: The plugin does not have a CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make a logged-in admin add Stored XSS payloads via a CSRF attack.
PoC: Make a logged-in admin open an HTML file containing the following: Save Changes...
WordPress UnGallery Plugin <= 2.1.5 - Arbitrary Command Execution
This plugin is prone to a "search" arbitrary command execution vulnerability.
Solution: Update plugin...