CVE-2024-5481: Photo Gallery by 10Web – Mobile-Friendly Image Gallery <= 1.8.23 - Authenticated (Contributor+) Path Traversal via esc_dir Function
First published: Fri Jun 07 2024(Updated: )
The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.8.23 via the esc_dir function. This makes it possible for authenticated attackers to cut and paste (copy) the contents of arbitrary files on the server, which can contain sensitive information, and to cut (delete) arbitrary directories, including the root WordPress directory. By default this can be exploited by administrators only. In the premium version of the plugin, administrators can give gallery edit permissions to lower level users, which might make this exploitable by users as low as contributors.
Credit: security@wordfence.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| 10quality Post Gallery | <1.8.24 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://www.wordfence.com/threat-intel/vulnerabilities/id/76c38826-4d49-4204-b6b6-b01d01373fa9?source=cve
- https://plugins.trac.wordpress.org/browser/photo-gallery/trunk/filemanager/controller.php#L178
- https://plugins.trac.wordpress.org/browser/photo-gallery/trunk/filemanager/controller.php#L512
- https://plugins.trac.wordpress.org/browser/photo-gallery/trunk/filemanager/controller.php#L436
- https://plugins.trac.wordpress.org/changeset/3098798/
- https://wordpress.org/plugins/photo-gallery/#developers
Frequently Asked Questions
What is the severity of CVE-2024-5481?
CVE-2024-5481 has been classified as a high severity vulnerability due to its potential for exploitation by authenticated attackers.
How do I fix CVE-2024-5481?
To fix CVE-2024-5481, update the Photo Gallery by 10Web plugin to version 1.8.24 or later.
What impact does CVE-2024-5481 have on my WordPress site?
CVE-2024-5481 allows authenticated attackers to exploit path traversal vulnerabilities, potentially leading to unauthorized file access.
Which versions of the Photo Gallery by 10Web are affected by CVE-2024-5481?
All versions of the Photo Gallery by 10Web plugin up to and including 1.8.23 are affected by CVE-2024-5481.
Who can exploit CVE-2024-5481?
CVE-2024-5481 can be exploited by authenticated attackers who have access to the WordPress site.
- agent/references
- agent/title
- agent/type
- agent/description
- agent/first-publish-date
- agent/author
- agent/event
- agent/severity
- agent/remedy
- agent/weakness
- collector/epss-latest
- source/FIRST
- agent/epss
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/10web
- canonical/10quality post gallery