WordPress Grid Gallery – Photo Image Grid Gallery plugin <= 1.4.3 - Authenticated (Contributor+) PHP Object Injection via shortcode vulnerability

Authenticated Contributor+ PHP Object Injection via shortcode vulnerability discovered by Francesco Carlucci in WordPress Plugin Grid Gallery versions = 1.4.3...

WordPress Grid Gallery Plugin <= 1.4.3 is vulnerable to PHP Object Injection

Software Grid Gallery Type Plugin Vulnerable versions = 1.4.3 Fixed in 1.4.4 OWASP Top 10 A1: Injection Classification PHP Object Injection CVE CVE-2024-1897 Patch priority Medium CVSS severity Medium 6.4 Developer Claim ownership PSID 43f9768655e4 Credits Francesco Carlucci Required privilege...