CVE-2024-3899
Description
The "Gallery Plugin for WordPress" plugin before 1.8.15 does not sanitise and escape some of its image settings, which could allow users with post-writing privileges, such as Author, to perform Cross-Site Scripting attacks.
CWE
- (none)
Affected
- Unknown / Gallery Plugin for WordPress — v=0 <1.8.15 [affected]
CVSS
- (none)
References
- https://wpscan.com/vulnerability/e3afadda-4d9a-4a51-b744-10de7d8d8578/ exploit, vdb-entry, technical-description
Source
cvelistV5-main/cves/2024/3xxx/CVE-2024-3899.json