CVE-2024-11103: Contest Gallery <= 24.0.7 - Unauthenticated Arbitrary Password Reset to Privilege Escalation/Account Takeover
First published: Thu Nov 28 2024(Updated: )
The Contest Gallery plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 24.0.7. This is due to the plugin not properly validating a user's identity prior to updating their password. This makes it possible for unauthenticated attackers to change arbitrary user's passwords, including administrators, and leverage that to gain access to their account.
Credit: security@wordfence.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Contest Gallery | <=24.0.7 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://www.wordfence.com/threat-intel/vulnerabilities/id/0df7f413-2631-46d9-8c0b-d66f05a02c01?source=cve
- https://plugins.trac.wordpress.org/browser/contest-gallery/trunk/v10/v10-admin/users/frontend/login/ajax/users-login-check-ajax-password-reset.php#L88
- https://plugins.trac.wordpress.org/browser/contest-gallery/trunk/v10/v10-admin/users/frontend/login/ajax/users-login-check-ajax-lost-password.php#L31
- https://plugins.trac.wordpress.org/changeset/3196011/contest-gallery/tags/24.0.8/v10/v10-admin/users/frontend/login/ajax/users-login-check-ajax-lost-password.php?old=3190068&old_path=contest-gallery%2Ftags%2F24.0.7%2Fv10%2Fv10-admin%2Fusers%2Ffrontend%2Flogin%2Fajax%2Fusers-login-check-ajax-lost-password.php
Frequently Asked Questions
What is the severity of CVE-2024-11103?
CVE-2024-11103 has been classified as a high severity vulnerability due to its potential for privilege escalation and account takeover.
How do I fix CVE-2024-11103?
To fix CVE-2024-11103, update the Contest Gallery plugin to version 24.0.8 or later, which addresses the identity validation issue.
Who is affected by CVE-2024-11103?
All versions of the Contest Gallery plugin for WordPress up to and including 24.0.7 are affected by CVE-2024-11103.
What does CVE-2024-11103 allow an attacker to do?
CVE-2024-11103 allows an attacker to potentially escalate their privileges by taking over an account due to insufficient identity validation.
Is there a workaround for CVE-2024-11103?
There is no official workaround for CVE-2024-11103; the only resolution is to update the plugin to a secure version.
- agent/title
- agent/references
- agent/weakness
- agent/type
- agent/description
- agent/first-publish-date
- collector/nvd-api
- source/NVD
- agent/author
- agent/severity
- agent/event
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- agent/softwarecombine
- agent/tags
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/contest gallery
- canonical/contest gallery